
Infected with Win32/Rootkit.Agent.ODG


  • This topic is locked
14 replies to this topic

#1 triscope


  • Members
  • 11 posts

Posted 21 July 2009 - 04:04 PM

I scanned my system with Malwarebytes, Spybot, NOD32 and only NOD32 keeps saying that my memory is infected. I tried ComboFix also and that didn't work (I don't see anything suspicious in the log. I can post it if you want).
GMER will load but I can't really do anything with it. When I right-click I can't select any option to do any changes.

Same goes for RootRepeal. RootRepeal and GMER do show that I have some rootkit infection but I can't do anything with them. The HijackThis log also doesn't seem to show anything suspicious.

Also I can't even access safe mode. Whenever I try to access safe mode, my computer just reboots. So it seems like it's affected even that as well.

I really hope there is a solution. This damn rootkit is really pissing me off. I've tried a few suggestions by others who had this problem and so far I can't seem to find a solution. I can post the logs of whatever you need.

Finally I ran DDS and HJT as requested by boopme and I am posting the log results here as the instructions indicated.

Any help would be greatly appreciated. I just hope I can get rid of this thing.

Thanks!

----------------------------------------------------------
DDS LOG RESULTS
----------------------------------------------------------

DDS (Ver_09-06-26.01) - NTFSx86
Run by K0MPR3SS0R at 16:51:27.62 on 21/07/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1440 [GMT -4:00]

AV: Avanquest VirusScanner Pro *On-access scanning enabled* (Updated) {6A383D4C-7657-408f-BD0D-B379B5C7C3BE}
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Documents and Settings\K0MPR3SS0R\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\COPERN~1.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: Copernic Agent Results: {6f480f82-c3a6-4d35-96f7-b297ad49fbe8} - c:\program files\copernic agent\CopernicAgentExt.dll
EB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
TCP: {3DD2AE91-574F-4618-BBEB-CA2AD8A060D3} = 192.168.1.1
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\k0mpr3~1\applic~1\mozilla\firefox\profiles\smklq0ud.default\
FF - prefs.js: browser.startup.homepage - hxxp://WWW.GOOGLE.CA
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

============= SERVICES / DRIVERS ===============

R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2008-4-10 244736]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R3 JakNDis;Jaksta Service;c:\windows\system32\drivers\JakNDis.sys [2008-8-4 26656]
R3 mbr;mbr;\??\c:\docume~1\k0mpr3~1\locals~1\temp\mbr.sys --> c:\docume~1\k0mpr3~1\locals~1\temp\mbr.sys [?]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2004-8-6 3584]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2008-2-3 35824]
S3 GPU-Z;GPU-Z; [x]
S3 I97DRIVER;I97DRIVER;\??\c:\progra~1\avanqu~1\fix-it\dgs.sys --> c:\progra~1\avanqu~1\fix-it\dgs.sys [?]
S3 MailScan;MailScan;\??\c:\progra~1\avanqu~1\fix-it\mailscan.sys --> c:\progra~1\avanqu~1\fix-it\MailScan.sys [?]
S3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\@bios\markfun.w32 [2008-2-8 17912]
S4 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\brother\bradmin professional 3\bratimer.exe [2009-1-8 65536]
S4 gupdate1c9cf58f3a58534;Google Update Service (gupdate1c9cf58f3a58534);c:\program files\google\update\GoogleUpdate.exe [2009-5-7 133104]
S4 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]

=============== Created Last 30 ================

2009-07-21 08:47 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-07-21 08:47 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-07-21 08:47 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-07-21 08:47 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-07-21 08:47 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-07-21 08:47 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-07-21 08:46 <DIR> --d----- c:\windows\system32\xlive
2009-07-21 08:46 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-07-20 19:15 102,800 a------- c:\windows\system32\drivers\tmcomm.sys
2009-07-20 18:29 <DIR> --d----- c:\program files\Trend Micro
2009-07-20 14:22 361,088 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-19 15:54 <DIR> --d----- c:\program files\HandBrake
2009-07-17 15:39 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-17 15:22 <DIR> a-dshr-- C:\cmdcons
2009-07-17 15:12 219,648 a------- c:\windows\PEV.exe
2009-07-17 15:12 161,792 a------- c:\windows\SWREG.exe
2009-07-17 15:12 98,816 a------- c:\windows\sed.exe
2009-07-15 13:06 266,240 a------- c:\windows\system32\SdeNsx50.dll
2009-07-15 13:06 155,648 a------- c:\windows\system32\Sde50.dll
2009-07-15 13:06 <DIR> --d----- c:\program files\Windows Lotto Pro 2000
2009-07-15 10:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 10:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-15 10:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 23:09 <DIR> --d----- c:\program files\ESET
2009-07-04 09:31 268 a---h--- C:\sqmdata02.sqm
2009-07-04 09:31 244 a---h--- C:\sqmnoopt02.sqm
2009-06-24 11:38 <DIR> --d----- c:\docume~1\k0mpr3~1\applic~1\Braid

==================== Find3M ====================

2009-07-20 14:22 361,088 a------- c:\windows\system32\drivers\TCPIP.SYS
2009-07-08 18:43 81,984 -------- c:\windows\system32\bdod.bin
2009-05-14 11:41 73,108 -------- c:\windows\system32\mlfcache.dat
2009-05-13 09:40 2,678 a------- c:\windows\java\packages\data\TBZNL779.DAT
2009-05-13 09:40 2,678 a------- c:\windows\java\packages\data\H3JPJ5R1.DAT
2009-05-13 09:40 2,678 a------- c:\windows\java\packages\data\GJR5BNHR.DAT
2009-05-13 09:40 2,678 a------- c:\windows\java\packages\data\7NBBNRPB.DAT
2008-10-20 17:27 2,194 a------- c:\docume~1\k0mpr3~1\applic~1\SAS7_000.DAT
2008-03-09 08:25 236 a---h--- c:\program files\common files\dx.reg
2008-02-10 17:23 22,328 a------- c:\docume~1\k0mpr3~1\applic~1\PnkBstrK.sys

============= FINISH: 16:53:02.71 ===============


----------------------------------------------------------
HJT LOG RESULTS
----------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:30 PM, on 21/07/2009
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD2AE91-574F-4618-BBEB-CA2AD8A060D3}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10058 bytes
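The HijackThis log above is the kind of list a helper reads line by line. As an added example that is not part of this thread and not a HijackThis or BleepingComputer tool, here is a small Python triage pass over a few constructed lines in the HJT format (their shapes follow the log above). The rules it applies are assumptions chosen for illustration, not HijackThis's own logic: O1 hosts entries that send a name to a non-local address, O2/O3/O9 browser add-ons whose file is gone, and O23 services whose binary is missing, including the `C:\Program.exe` form that an unquoted path under `Program Files` produces.

```python
"""Triage pass over HijackThis (HJT) v2 log lines.

Added example: this is not HijackThis code and not a BleepingComputer tool.
The severity rules below are assumptions chosen for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Targets a hosts entry may point at without sending traffic anywhere:
# loopback and the 0.0.0.0 "blackhole" address used by ad/licence blockers.
_LOCAL_NETS = (
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("0.0.0.0/32"),
    ipaddress.ip_network("::1/128"),
)
# Every HJT line is "<section code> - <body>", e.g. "O23 - Service: ..."
_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
_HOSTS = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    section: str
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def _is_local(ip_text: str) -> bool:
    """True when the hosts-file target stays on the local machine."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in _LOCAL_NETS)


def triage_line(line: str):
    """Return a Finding for one HJT line, or None if nothing stands out."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O1":  # hosts-file entries
        h = _HOSTS.match(body)
        if h and not _is_local(h.group("ip")):
            return Finding(section, "high",
                           f"hosts file sends {h.group('host')} to {h.group('ip')}", line)
        return None
    if section in ("O2", "O3", "O9") and body.endswith("(no file)"):
        # BHO/toolbar/button still registered but its DLL is gone: usually an
        # uninstall leftover, still worth removing from the registry.
        return Finding(section, "low", "browser add-on registered but its file is gone", line)
    if section == "O23":  # services
        if "(file missing)" in body:
            path = body.rsplit(" - ", 1)[-1].replace(" (file missing)", "")
            reason = "service binary not found"
            # "C:\Program.exe" is what an unquoted "C:\Program Files\..." service
            # path resolves to: the image path is cut at the first space.
            if re.fullmatch(r"[A-Za-z]:\\Program\.exe", path, re.IGNORECASE):
                reason += "; unquoted Program Files path truncated at the first space"
            return Finding(section, "medium", reason, line)
        if "Unknown owner" in body:
            return Finding(section, "low", "service has no identifiable publisher", line)
    return None


def triage_log(text: str) -> list:
    """Triage every line and return the findings, most severe first."""
    findings = [f for f in (triage_line(ln) for ln in text.splitlines()) if f]
    return sorted(findings, key=lambda f: _RANK[f.severity])


# Constructed sample in the HJT format (shapes follow the log in this thread).
SAMPLE = r"""
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

The loopback entry for serial.alcohol-soft.com is deliberately not flagged, since a hosts line that only blackholes a name is a blocking entry rather than a redirect.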



#2 triscope

  • Topic Starter

  • Members
  • 11 posts

Posted 22 July 2009 - 06:32 PM

Hi, do I need to also show the log of GMER or RootRepeal in here?

===========

Hello

No, you do not need to show those logs unless your helper requests it.

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple-post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 24 July 2009 - 07:36 PM.


#3 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 31 July 2009 - 04:46 PM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#4 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 04 August 2009 - 06:16 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



#5 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 August 2009 - 02:51 PM

Reopened at OP request.



#6 triscope

  • Topic Starter

  • Members
  • 11 posts

Posted 10 August 2009 - 02:57 PM

Here are the logs requested:

MBAM
------------------------------------
Malwarebytes' Anti-Malware 1.39
Database version: 2548
Windows 5.1.2600 Service Pack 3, v.3244

03/08/2009 2:39:56 AM
mbam-log-2009-08-03 (02-39-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 257355
Time elapsed: 29 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrhmgebqek.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\msxm192z.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msxmlhpr (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\geyekrhmgebqek.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxm192z.dll (Trojan.Agent) -> Delete on reboot.



-------------------------------------------
LOG.TXT
-------------------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by K0MPR3SS0R at 2009-08-08 12:50:02
Microsoft Windows XP Professional Service Pack 3, v.3244
System drive C: has 22 GB (11%) free of 200 GB
Total RAM: 2046 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:05 PM, on 08/08/2009
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\xRaidSetup.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\G15NetSpeed\G15NetSpeed.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Rundll32.EXE
C:\WINDOWS\system32\Rundll32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\Apps\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\K0MPR3SS0R.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSxmlHpr] RUNDLL32.EXE C:\WINDOWS\system32\msxm192z.dll,w
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD2AE91-574F-4618-BBEB-CA2AD8A060D3}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 12115 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1 Copernic Intra-Daily ~MONSTER K0MPR3SS0R.job
C:\WINDOWS\tasks\2 Copernic Daily ~MONSTER K0MPR3SS0R.job
C:\WINDOWS\tasks\3 Copernic Weekly ~MONSTER K0MPR3SS0R.job
C:\WINDOWS\tasks\4 Copernic Monthly ~MONSTER K0MPR3SS0R.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\NatSpeak Periodic Acoustic Optimization.job
C:\WINDOWS\tasks\NatSpeak Periodic Language Model Optimization.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class - C:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Copernic Agent - C:\PROGRA~1\COPERN~1\COPERN~1.DLL [2004-12-02 1142744]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-07-12 178712]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-15 13680640]
"nwiz"=nwiz.exe /install []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2007-12-13 2051096]
"Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2007-12-13 2095640]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"DNS7reminder"=C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [2007-04-16 259624]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"VX3000"=C:\WINDOWS\vVX3000.exe [2008-08-04 721936]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-15 86016]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"MSxmlHpr"=C:\WINDOWS\system32\msxm192z.dll [2004-08-17 28672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-13 1287440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-10-31 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-10-31 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-02-02 240544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bandwidth Monitor Pro]
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe [2005-02-16 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cognac]
C:\DOCUME~1\K0MPR3~1\LOCALS~1\Temp\e.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2007-10-31 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2009-02-06 3325952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe /SHOWHIDE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2007-10-31 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2007-12-06 1910040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3
"Nero BackItUp Scheduler 3"=2
"Microsoft Office Groove Audit Service"=3
"Apple Mobile Device"=2
"usnjsvc"=3
"SandraTheSrv"=3
"SandraDataSrv"=3
"PnkBstrA"=2
"RoxWatch10"=2
"RoxMediaDB10"=3
"RoxLiveShare10"=2
"Roxio Upnp Server 10"=2
"Roxio UPnP Renderer 10"=3
"gupdate1c9cf58f3a58534"=2
"Brother XP spl Service"=2
"BRA_Scheduler"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Gigabyte\@BIOS\gwflash.exe"="C:\Program Files\Gigabyte\@BIOS\gwflash.exe:*:Enabled:gwflash"
"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\sandra.exe:*:Enabled:SiSoftware Sandra Pro Home"
"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Pro Home"
"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Pro Home"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\ElectricSheep.scr"="C:\WINDOWS\system32\ElectricSheep.scr:*:Enabled:ElectricSheep"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\RealVNC\VNC4\vncviewer.exe"="C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:Run VNC Viewer"
"C:\Games\BCR\bcr.exe"="C:\Games\BCR\bcr.exe:*:Enabled:Bionic Commando Rearmed"
"C:\Program Files\Maple 12\jre\bin\maple.exe"="C:\Program Files\Maple 12\jre\bin\maple.exe:*:Enabled:Maple 12"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Brother\BRAdmin Professional 3\discover.exe"="C:\Program Files\Brother\BRAdmin Professional 3\discover.exe:*:Enabled:BRAdmin Professional 3"
"C:\Program Files\Brother\BRAdmin Professional 3\AuditorServer.exe"="C:\Program Files\Brother\BRAdmin Professional 3\AuditorServer.exe:*:Enabled:BRAdmin Professional 3"
"C:\Program Files\Brother\BRAdmin Professional 3\bradminv3.exe"="C:\Program Files\Brother\BRAdmin Professional 3\bradminv3.exe:*:Enabled:BRAdmin Professional 3"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
"C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Downloads\Apps\eclipse-SDK-3.3-win32\eclipse\eclipse.exe"="C:\Downloads\Apps\eclipse-SDK-3.3-win32\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\OPNET EDU\9.1.A\sys\pc_intel_win32\bin\itguru.exe"="C:\Program Files\OPNET EDU\9.1.A\sys\pc_intel_win32\bin\itguru.exe:*:Enabled:OPNET 9.1.A"
"C:\Games\Burnout_Paradise\BurnoutLauncher.exe"="C:\Games\Burnout_Paradise\BurnoutLauncher.exe:*:Enabled:Burnout™ Paradise The Ultimate Box"
"C:\Games\Burnout_Paradise\BurnoutConfigTool.exe"="C:\Games\Burnout_Paradise\BurnoutConfigTool.exe:*:Enabled:Burnout™ Paradise The Ultimate Box"
"C:\Games\Burnout_Paradise\BurnoutParadise.exe"="C:\Games\Burnout_Paradise\BurnoutParadise.exe:*:Enabled:Burnout™ Paradise The Ultimate Box"
"C:\Program Files\Xming\Xming.exe"="C:\Program Files\Xming\Xming.exe:*:Enabled:Xming X Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Lotto Pro 2000\proupdt.exe"="C:\Program Files\Windows Lotto Pro 2000\proupdt.exe:*:Enabled:proupdt"
"E:\Games\STREETFIGHTERIV\StreetFighterIV.exe"="E:\Games\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\sandra.exe:*:Enabled:SiSoftware Sandra Pro Home"
"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Pro Home"
"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Pro Home"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8e26cd0-758a-11de-a875-001a4d55782d}]
shell\AutoRun\command - H:\wubi.exe --cdmenu


======List of files/folders created in the last 1 months======

2009-08-08 12:50:02 ----D---- C:\rsit
2009-08-06 11:46:59 ----D---- C:\Program Files\Windows Lotto Pro 2000
2009-08-03 02:40:09 ----A---- C:\Program Files\qbkjgaj.txt
2009-07-29 17:22:23 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap Games
2009-07-29 17:22:19 ----D---- C:\Program Files\PopCap Games
2009-07-22 18:28:38 ----D---- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
2009-07-22 18:28:37 ----D---- C:\WINDOWS\Easy CD-DA Extractor 12.0.1
2009-07-22 18:28:37 ----D---- C:\Program Files\Easy CD-DA Extractor 12
2009-07-22 17:52:48 ----D---- C:\DriveKey
2009-07-22 17:31:23 ----D---- C:\Program Files\BootDisk2BootStick
2009-07-21 08:47:05 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-07-21 08:47:05 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-07-21 08:47:05 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-07-21 08:47:05 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-07-21 08:47:05 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-07-21 08:47:05 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-07-21 08:46:55 ----D---- C:\WINDOWS\system32\xlive
2009-07-21 08:46:55 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-07-20 19:19:10 ----SHD---- C:\RECYCLER
2009-07-20 19:02:57 ----A---- C:\ComboFix.txt
2009-07-20 18:49:26 ----A---- C:\avenger.txt
2009-07-20 18:29:34 ----D---- C:\Program Files\Trend Micro
2009-07-19 15:54:23 ----D---- C:\Program Files\HandBrake
2009-07-17 15:22:25 ----A---- C:\Boot.bak
2009-07-17 15:22:12 ----RASHD---- C:\cmdcons
2009-07-17 15:12:29 ----A---- C:\WINDOWS\zip.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\SWSC.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\SWREG.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\sed.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\PEV.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\grep.exe
2009-07-17 15:11:24 ----D---- C:\WINDOWS\ERDNT
2009-07-17 15:08:33 ----D---- C:\Qoobox
2009-07-15 13:06:56 ----A---- C:\WINDOWS\system32\SdeNsx50.dll
2009-07-15 13:06:56 ----A---- C:\WINDOWS\system32\Sde50.dll
2009-07-15 10:01:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-13 23:09:12 ----D---- C:\Program Files\ESET
2009-07-13 23:09:12 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-07-13 16:54:35 ----D---- C:\Documents and Settings\K0MPR3SS0R\Application Data\Media Player Classic

======List of files/folders modified in the last 1 months======

2009-08-08 12:48:08 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-08 12:43:55 ----D---- C:\Documents and Settings\K0MPR3SS0R\Application Data\uTorrent
2009-08-08 10:18:40 ----D---- C:\WINDOWS\Temp
2009-08-08 10:18:40 ----D---- C:\WINDOWS\system32
2009-08-07 19:50:43 ----D---- C:\WINDOWS\Prefetch
2009-08-07 16:25:37 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 4
2009-08-07 15:03:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-07 08:50:22 ----D---- C:\Documents and Settings\K0MPR3SS0R\Application Data\FrostWire
2009-08-06 16:39:30 ----ASHD---- C:\WINDOWS
2009-08-06 11:46:59 ----RD---- C:\Program Files
2009-08-04 17:50:14 ----A---- C:\WINDOWS\BRWMARK.INI
2009-08-04 17:50:14 ----A---- C:\WINDOWS\BRPP2KA.INI
2009-08-03 02:40:09 ----D---- C:\WINDOWS\system32\drivers
2009-08-01 03:00:20 ----SHD---- C:\WINDOWS\Installer
2009-08-01 03:00:19 ----SHD---- C:\Config.Msi
2009-08-01 03:00:19 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-29 15:44:47 ----D---- C:\Documents and Settings\K0MPR3SS0R\Application Data\mIRC
2009-07-29 14:42:37 ----D---- C:\Program Files\mIRC
2009-07-29 03:00:19 ----D---- C:\WINDOWS\WinSxS
2009-07-26 12:24:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-22 18:23:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-22 17:52:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-21 08:47:05 ----HD---- C:\WINDOWS\inf
2009-07-21 08:47:05 ----D---- C:\WINDOWS\system32\DirectX
2009-07-20 18:59:41 ----A---- C:\WINDOWS\system.ini
2009-07-20 18:55:30 ----D---- C:\WINDOWS\AppPatch
2009-07-20 18:55:30 ----D---- C:\Program Files\Common Files
2009-07-19 22:33:23 ----D---- C:\Documents and Settings\K0MPR3SS0R\Application Data\AVI ReComp
2009-07-19 15:31:22 ----D---- C:\Downloads
2009-07-17 15:22:27 ----RASH---- C:\boot.ini
2009-07-17 15:12:17 ----D---- C:\WINDOWS\system32\Restore
2009-07-17 14:02:19 ----D---- C:\WINDOWS\Minidump
2009-07-15 03:00:51 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-14 10:02:54 ----A---- C:\WINDOWS\win.ini
2009-07-14 08:59:19 ----SD---- C:\WINDOWS\Tasks
2009-07-14 01:24:16 ----D---- C:\WINDOWS\system32\config
2009-07-13 23:22:20 ----D---- C:\Documents and Settings\All Users\Application Data\Codemasters
2009-07-13 23:03:35 ----D---- C:\Program Files\Brother
2009-07-13 23:03:07 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-07-13 23:03:04 ----RSD---- C:\WINDOWS\Fonts
2009-07-13 23:03:03 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2009-07-13 23:01:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-13 17:41:45 ----D---- C:\virtualDub

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 c2scsi;c2scsi; C:\WINDOWS\system32\drivers\c2scsi.sys [2007-01-10 244736]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-10-30 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-10-30 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-10-30 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-10-30 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 JakNDis;Jaksta Service; C:\WINDOWS\system32\DRIVERS\JakNDis.sys [2008-08-04 26656]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-10-30 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-10-30 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-10-30 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-10-30 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-10-30 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S1 WINIO;WINIO; hý []
S2 jspquzd;jspquzd; C:\WINDOWS\system32\drivers\epjp.sys [2009-08-03 61440]
S3 ackwjzn5;ackwjzn5; C:\WINDOWS\system32\drivers\ackwjzn5.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\K0MPR3~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2007-10-30 17024]
S3 CH341SER;CH341SER; C:\WINDOWS\System32\Drivers\CH341SER.SYS [2006-06-05 35824]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GPU-Z;GPU-Z; C:\WINDOWS\system32\drivers\GPU-Z.sys []
S3 I97DRIVER;I97DRIVER; \??\C:\PROGRA~1\AVANQU~1\Fix-It\dgs.sys []
S3 MailScan;MailScan; \??\C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys []
S3 MarkFun_NT;MarkFun_NT; \??\C:\Program Files\Gigabyte\@BIOS\markfun.w32 []
S3 mbr;mbr; \??\C:\DOCUME~1\K0MPR3~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2007-10-30 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2007-10-30 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2007-10-30 10880]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys []
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2007-10-30 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2007-10-30 15232]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2007-10-30 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-10-30 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-10-30 26368]
S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2008-08-04 1964816]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2008-01-24 29192]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2007-10-30 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 KLIF;KLIF; \??\C:\WINDOWS\system32\drivers\klif.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-12 354840]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-15 163908]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 .EsetTrialReset;Eset Trial Reset; C:\WINDOWS\system32\regedt32.exe [2004-08-06 3584]
S2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Visual Studio Analyzer RPC bridge;Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [1998-06-06 34036]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-10-31 14336]
S4 BRA_Scheduler;Brother BRAdminPro Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [2007-09-03 65536]
S4 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
S4 gupdate1c9cf58f3a58534;Google Update Service (gupdate1c9cf58f3a58534); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-07 133104]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-10 66872]
S4 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe []
S4 SandraDataSrv;Sandra Data Service; C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe [2006-05-05 117288]
S4 SandraTheSrv;Sandra Service; C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe [2006-05-05 1231400]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------

---------------------------------------
INFO.TXT
---------------------------------------

info.txt logfile of random's system information tool 1.06 2009-08-08 12:50:07

======Uninstall list======

@BIOS -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\Setup.exe" -l0x9 -removeonly
-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
3Planesoft Screensaver Manager 1.2-->"C:\Program Files\3Planesoft Screensaver Manager\unins000.exe"
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Active SMART-->"C:\Program Files\Active SMART SCSI\unins000.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Alarm Clock v1.0-->"C:\Program Files\Alarm Clock\unins000.exe"
AnalogX SuperShredder-->C:\Program Files\AnalogX\SuperShredder\shredu.exe
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
ATITool Overclocking Utility-->"C:\Program Files\ATITool\Uninstall.exe"
Audio Signal Generator-->"C:\Program Files\ToneGen\remove_generator.exe"
AVI ReComp 1.4.5-->C:\Program Files\AVI ReComp\Uninstall.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bandwidth Monitor Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Bandwidth Monitor Pro\uninstal.log
Bionic Commando Rearmed-->"C:\Program Files\InstallShield Installation Information\{DB219559-1F78-4343-9A6E-C2E987AD47A3}\setup.exe" -runfromtemp -l0x0009 -removeonly
BioShock-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\setup.exe" -l0x9 -removeonly
Bitvise Tunnelier 4.28 (remove only)-->"C:\Program Files\Bitvise Tunnelier\uninst.exe" Tunnelier
BootDisk2BootStick 0.10-->C:\Program Files\BootDisk2BootStick\uninst.exe
BRAdmin Professional 3-->C:\Program Files\InstallShield Installation Information\{75C885D4-C758-4896-A3B4-90DA34B44C31}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
Burnout™ Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
Call of Duty® 4 - Modern Warfare™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Chinese Traditional Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003}
Classic Menu 3.x for Office 2007-->"C:\Program Files\Classic Menu for Office\unins000.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Copernic Agent Professional-->"C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat"
COWON Media Center - jetAudio Plus VX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
Crysis WARHEAD®-->"C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Crysis WARHEAD®-->C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Debugging Tools for Windows-->MsiExec.exe /I{F3ECED46-91CC-4F44-9917-9A20085D5D26}
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
DiRT-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}\setup.exe" -l0x9 -removeonly
Disk Investigator 1.4-->C:\Program Files\Disk Investigator\uninst.exe
DIY DataRecovery DiskPatch 3-->"C:\Program Files\DIY DataRecovery DiskPatch\unins000.exe"
DocRepair-->C:\PROGRA~1\Jufsoft\DOCREP~1\UNWISE.EXE C:\PROGRA~1\Jufsoft\DOCREP~1\INSTALL.LOG
Dragon NaturallySpeaking 10-->MsiExec.exe /I{E7712E53-7A7F-46EB-AA13-70D5987D30F2}
Dummy File Creator-->MsiExec.exe /I{B5A79A5F-7E2B-49F6-9C01-A0BBBF807395}
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
Easy CD-DA Extractor 12-->"C:\WINDOWS\Easy CD-DA Extractor 12.0.1\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 12\irunin.xml"
EasyRecovery Professional-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A8BB9906-E618-406A-B161-7383AFF46C39} /l1033
ElectricSheep 2.6.6-->C:\WINDOWS\system32\UninstallElectricSheep.exe
EMC 10 Content-->MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}
Eraser-->"C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
Eraser-->C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
EVEREST Ultimate v4.20.1248 + Corporate Edition Beta Registered-->"C:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\unins000.exe"
Express Dictate-->C:\Program Files\NCH Swift Sound\Express\uninst.exe
Express Scribe-->C:\Program Files\NCH Swift Sound\Scribe\uninst.exe
FlashGet(JetCar)-->C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
Folding@home-gpu-->MsiExec.exe /I{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}
Fraps-->"C:\Fraps\uninstall.exe"
Free YouTube to Mp3 Converter version 2.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FrostWire 4.17.2-->C:\Program Files\FrostWire\Uninstall.exe
GetDataBack for FAT-->"C:\Program Files\Runtime Software\GetDataBack\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack\install.log" -u
GetDataBack for NTFS-->"C:\Program Files\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack for NTFS\install.log" -u
Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}
Google Earth Pro-->MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HandBrake 0.9.3-->C:\Program Files\HandBrake\uninst.exe
Hex Workshop v5-->MsiExec.exe /I{26A373DB-162B-4B6E-A488-0BED0F0FB227}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
ImTOO MOV Converter-->C:\Program Files\ImTOO\MOV Converter 3\Uninstall.exe
Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Jitbit Macro Recorder-->MsiExec.exe /I{2D57FB4E-6277-4A6D-8739-304C38051B89}
Koi Fish 3D Screensaver 1.0-->"C:\Program Files\3Planesoft Screensaver Manager\Koi Fish 3D Screensaver\unins000.exe"
LCP 5.04-->MsiExec.exe /I{1EFAF492-9A3B-48C3-9349-234B146FDA46}
Lighthouse Point 3D Screensaver 1.1-->"C:\Program Files\Lighthouse Point 3D Screensaver\unins000.exe"
Logitech GamePanel Software 2.02-->MsiExec.exe /X{0523EAF4-402C-4435-A0DA-13C40193D811}
Logitech Gaming Software 5.02-->MsiExec.exe /X{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}
Lotto Pro-->C:\PROGRA~1\WI8414~1\UNWISE.EXE C:\PROGRA~1\WI8414~1\INSTALL.LOG
Magic ISO Maker v5.4 (build 0256)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maple 12-->"C:\Program Files\Maple 12\Uninstall_Maple 12\Uninstall Maple 12.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Corporation-->MsiExec.exe /I{7B08D306-7266-4647-A926-2F78817ED1E0}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{6BCB7EAA-598C-4836-B7EA-3642E41AA222}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 6.0 Enterprise Edition-->"C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft VM for Java-->RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MKV To AVI With Subtitle version 2.0-->"C:\Program Files\mkvtoavis\unins000.exe"
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox 3 Beta 4\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
myibay eBay bid sniper 1.0.33-->"C:\Program Files\myibay\unins000.exe"
MySQL Server 5.0-->MsiExec.exe /I{E9CF8701-483A-4344-8119-0002BD0992A8}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
OCCT Perestroika 2.0.1-->"C:\Program Files\OCCT\unins000.exe"
OJOsoft Total Video Converter-->"C:\Program Files\OJOsoft\OJOsoft Total Video Converter\unins000.exe"
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
ophcrack 3.2.0-->C:\Program Files\ophcrack\uninst.exe
OPNET IT Guru Academic Edition 9.1-->"C:\Program Files\InstallShield Installation Information\{DBFA98B2-1D1D-488C-B80D-26057DA9A492}\setup.exe" -runfromtemp -l0x0009Add_Remove -removeonly
OPNET Model Library Academic Edition 9.1-->"C:\Program Files\InstallShield Installation Information\{23532305-7458-4592-9D3A-18F15803973A}\setup.exe" -runfromtemp -l0x0009AddRemove -removeonly
Plants vs. Zombies-->C:\Program Files\PopCap Games\Plants vs. Zombies\PopUninstall.exe "C:\Program Files\PopCap Games\Plants vs. Zombies\Install.log"
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
PSpice Student 9.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\OrCAD_Demo\DeIsL1.isu"
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Rampant Logic Postscript Viewer 1.1-->"C:\Program Files\Rampant Logic Postscript Viewer\unins000.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RivaTuner v2.06-->"C:\Program Files\RivaTuner v2.06\uninstall.exe"
RoPS Version 6.3-->C:\PROGRA~1\RoPS\setup.exe
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Visio 2007 (KB957831)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {DA824D83-D80E-47AE-9726-7F5E810330C8}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Shareaza-->C:\Program Files\Shareaza Applications\Shareaza\UninstallSurvey.exe C:\Program Files\Shareaza Applications\Shareaza\UnwiseLauncher.exe /A C:\PROGRA~1\SHAREA~1\Shareaza\INSTALL.LOG
SiSoftware Sandra Lite XII.SP1-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\unins000.exe"
SiSoftware Sandra Pro Home 2007 (Win64/32/CE)-->"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\unins000.exe"
Skype™ Beta 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Smart Data Scrubber v3.7-->"C:\Program Files\Smart PC Solutions\Smart Data Scrubber\unins000.exe"
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Streaming Media Recorder-->MsiExec.exe /I{6B5E080F-9C30-4EC1-88A2-CF9845A015F6}
Streamripper Plugin 1.62.2 (Remove only)-->C:\Program Files\Winamp\streamripper_uninstall.exe
STREET FIGHTER IV-->MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Thermal Analysis Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B2C675E-8040-431B-99C4-137DF4FBF75A}\setup.exe" -l0x9 -removeonly
Tunatic-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Office 2007 (KB932080)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta)-->MsiExec.exe /I{2D87E961-577B-492B-AD54-1368680FB9A7}
Visual C++ Runtime for Dragon NaturallySpeaking-->MsiExec.exe /I{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}
VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
VobSub 2.23-->C:\Program Files\Gabest\VobSub\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinRK 3.1.2-->C:\Program Files\WinRK\uninst.exe
WinSCP 4.0.6-->"C:\Program Files\WinSCP\unins000.exe"
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Xming-fonts 7.4.0.3-->"C:\Program Files\Xming\unins001.exe"
Xming-mesa 6.9.0.31-->"C:\Program Files\Xming\unins000.exe"
Xvid 1.2.1-->C:\Program Files\Xvid\unins000.exe

======Hosts File======

127.255.255.255 serial.alcohol-soft.com
66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es

======Security center information======

AV: Avanquest VirusScanner Pro
AV: BitDefender Antivirus
AV: Kaspersky Internet Security (disabled) (outdated)
AV: ESET NOD32 Antivirus 4.0
FW: BitDefender Firewall
FW: Kaspersky Internet Security (disabled)

======System event log======

Computer Name: MONSTER
Event Code: 3
Message: Printer Brother MFC-465CN Printer on K0MP (from TRISCOPE) was deleted.

Record Number: 15050
Source Name: Print
Time Written: 20090429161321.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MONSTER
Event Code: 4
Message: Printer Brother MFC-465CN Printer on K0MP (from TRISCOPE) is pending deletion.

Record Number: 15049
Source Name: Print
Time Written: 20090429161317.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MONSTER
Event Code: 8
Message: Printer Brother MFC-465CN Printer on K0MP (from TRISCOPE) was purged.

Record Number: 15048
Source Name: Print
Time Written: 20090429161317.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MONSTER
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Record Number: 15047
Source Name: DCOM
Time Written: 20090429122116.000000-240
Event Type: error
User: MONSTER\K0MPR3SS0R

Computer Name: MONSTER
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Record Number: 15046
Source Name: DCOM
Time Written: 20090429122105.000000-240
Event Type: error
User: MONSTER\K0MPR3SS0R

=====Application event log=====

Computer Name: MONSTER
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 164
Source Name: Userenv
Time Written: 20090625030016.000000-240
Event Type: warning
User: MONSTER\Administrator

Computer Name: MONSTER
Event Code: 1517
Message: Windows saved user MONSTER\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 154
Source Name: Userenv
Time Written: 20090624030016.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MONSTER
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 153
Source Name: Userenv
Time Written: 20090624030015.000000-240
Event Type: warning
User: MONSTER\Administrator

Computer Name: MONSTER
Event Code: 1517
Message: Windows saved user MONSTER\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 143
Source Name: Userenv
Time Written: 20090623030037.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MONSTER
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 142
Source Name: Userenv
Time Written: 20090623030037.000000-240
Event Type: warning
User: MONSTER\Administrator

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\watcom-1.3\binnt;C:\watcom-1.3\binw;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;C:\Program Files\Bitvise Tunnelier
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"KMP_DUPLICATE_LIB_OK"=TRUE
"WATCOM"=C:\watcom-1.3

-----------------EOF-----------------
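
A hosts-file triage script, added here as an example; it is not code from the thread or from RSIT, and the function names and the trusted_domains parameter are my own. It takes the three entries from the "Hosts File" section of the log above, embedded inline as constructed input, and separates entries that merely sink a name to a loopback or unspecified address from entries that redirect a name to another host. The two auto.search.msn.* lines send a third-party hostname to an external address, which is the shape of a hosts-file hijack, so they are flagged for review; the script says nothing about what 66.98.148.65 actually is, only that the redirect exists.

```python
"""Triage a Windows hosts file into "block" and "redirect" entries.

Added example for this thread (not code from the thread or from any of the
tools discussed). The entries below are copied from the "Hosts File" section
of the RSIT log above and embedded inline so the script runs offline.

A name mapped to a loopback or unspecified address (127.x.x.x, 0.0.0.0,
::1, ::) only sinks traffic; a name mapped to anything else silently
re-routes it. A public-address redirect of a domain you do not own is what a
hosts-file hijack looks like and is flagged for manual review.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed input: copied from the "======Hosts File======" section above.
HOSTS_TEXT = """\
127.255.255.255 serial.alcohol-soft.com
66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es
"""


@dataclass(frozen=True)
class HostsEntry:
    address: str
    hostname: str
    kind: str          # "block" (sink address) or "redirect" (anything else)
    suspicious: bool   # redirect of a domain we do not own to a public address


def _under_trusted(hostname: str, trusted_domains: set[str]) -> bool:
    """True if hostname equals or is a subdomain of any trusted domain."""
    h = hostname.lower().rstrip(".")
    return any(h == d or h.endswith("." + d)
               for d in (t.lower() for t in trusted_domains))


def parse_hosts(text: str, trusted_domains: set[str] | None = None) -> list[HostsEntry]:
    """Parse hosts-file text. `trusted_domains` (hypothetical parameter) lists
    domains the administrator controls, whose redirects are expected."""
    trusted = trusted_domains or set()
    entries: list[HostsEntry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        addr_text, *names = line.split()          # one address, one or more names
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            continue                              # malformed line: Windows ignores it too
        # 127.255.255.255 is loopback just like 127.0.0.1 (the whole 127/8 range).
        is_sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            kind = "block" if is_sink else "redirect"
            suspicious = (kind == "redirect" and addr.is_global
                          and not _under_trusted(name, trusted))
            entries.append(HostsEntry(str(addr), name, kind, suspicious))
    return entries


def suspicious_hostnames(entries: list[HostsEntry]) -> list[str]:
    """Names whose traffic is being sent to a public host we do not control."""
    return [e.hostname for e in entries if e.suspicious]


if __name__ == "__main__":
    for e in parse_hosts(HOSTS_TEXT):
        flag = "  <-- review" if e.suspicious else ""
        print(f"{e.kind:8} {e.address:16} {e.hostname}{flag}")
```

Run as-is it prints one line per entry; pass a set such as {"corp.example"} as trusted_domains on a machine where intranet names are legitimately pinned so those redirects are not flagged. A block entry for a vendor's licensing hostname is worth noting for what it implies about the software on the box, but it is not a redirect and the script does not flag it.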

#7 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 August 2009 - 03:06 PM

Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case Frostwire). These programs allow you to share files between users, as the name suggests. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove Programs in the Control Panel and remove two of the following: BitDefender, Kaspersky or ESET NOD32.

Next

Update MBAM until it says you have the latest definitions, then run another full scan and post back with the results.

Next

We need to scan for rootkits with GMER.
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with GMER's driver.
  • Double click on GMER to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save... and save the logfile to your desktop.
  • Copy and paste the contents of that file in your next post.


Then please post back here with the following:
  • MBAM results
  • Gmer log
  • New Rsit log
Thanks



#8 triscope
  • Topic Starter
  • Members
  • 11 posts

Posted 11 August 2009 - 07:46 PM

Hi, today I re-ran a scan of MBAM and didn't get a much different result this time. I also tried to run GMER 3 times, but it kept crashing, giving me a blue screen at random points during the scan. I would get a 0x000000BE error with the file aujasnkj.sys (on the last scan; on the first two scans I didn't take note of the file, sorry).

When running GMER I disconnected and disabled my LAN connection; I also terminated nearly everything I could in Task Manager and disabled my AV. It seems that even with all this, it still crashes. I will try another shot soon to see if it still crashes, and as soon as I can obtain a log, I'll post it here. In the meantime, here's my latest MBAM log result.

-------------------------------------------------
Malwarebytes' Anti-Malware 1.40
Database version: 2593
Windows 5.1.2600 Service Pack 3, v.3244

11/08/2009 4:39:25 PM
mbam-log-2009-08-11 (16-39-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 252924
Time elapsed: 28 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrhmgebqek.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\geyekrhmgebqek.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
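
A parser for MBAM 1.x text logs, added here as an example; it is not code from the thread or from Malwarebytes, and the function names, the Detection record and the SYSTEM_ROOT value (C:\WINDOWS, taken from the environment block in the RSIT log above) are assumptions. It uses a copy of the log just posted as constructed input. The point it demonstrates is the path form in that log: \\?\globalroot\ is the Win32 escape into the NT object-manager root and \systemroot is the NT symbolic link to the Windows directory, so the scanner reached the file through the NT namespace rather than the Win32 path the rootkit filters, which is why a normal directory listing shows nothing there. Mapping it back gives C:\WINDOWS\system32\geyekrhmgebqek.dll, the same path ComboFix later lists under "Other Deletions" in this thread; "Delete on reboot" marks an object that was still loaded when the scan ran. The parser also checks that the summary counts match the items actually listed, a quick way to notice a truncated or edited log.

```python
r"""Parse a Malwarebytes' Anti-Malware 1.x text log and map NT-namespace paths
back to Win32 form.

Added example for this thread, not code from the thread or from Malwarebytes.
SAMPLE_LOG is a constructed copy of the log posted above, trimmed to the
summary and detail sections. SYSTEM_ROOT assumes the machine's %SystemRoot%
is C:\WINDOWS, as the RSIT environment block in this thread shows.

\\?\globalroot\  is the Win32 escape into the NT object-manager root,
\systemroot      is the NT symbolic link to the Windows directory,
so \\?\globalroot\systemroot\system32\x.dll is C:\WINDOWS\system32\x.dll.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SYSTEM_ROOT = r"C:\WINDOWS"   # assumption: from the environment block in the RSIT log above

# Constructed input: copy of the MBAM log posted above.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.40
Database version: 2593
Windows 5.1.2600 Service Pack 3, v.3244

Scan type: Full Scan (C:\|)
Objects scanned: 252924

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrhmgebqek.dll (Trojan.TDSS) -> Delete on reboot.

Files Infected:
\\?\globalroot\systemroot\system32\geyekrhmgebqek.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
"""

GLOBALROOT = r"\\?\globalroot"   # Win32 escape into the NT object-manager root
NT_SYSTEMROOT = r"\systemroot"    # NT symbolic link to the Windows directory
NT_DOS_DEVICES = "\\??\\"        # \??\C:\... : NT form of a drive-letter path
WIN32_EXTENDED = "\\\\?\\"       # \\?\C:\... : Win32 extended-length prefix


def to_win32_path(path: str, system_root: str = SYSTEM_ROOT) -> str | None:
    r"""Return the Win32 path for an NT-namespace path, or None when it needs a
    volume map (\Device\HarddiskVolumeN\... cannot be resolved offline)."""
    p = path
    if p.lower().startswith(GLOBALROOT.lower()):
        p = p[len(GLOBALROOT):]                      # \\?\globalroot\X -> \X
    low = p.lower()
    if low.startswith(NT_DOS_DEVICES) or low.startswith(WIN32_EXTENDED):
        return p[len(NT_DOS_DEVICES):]               # \??\C:\x and \\?\C:\x -> C:\x
    if low.startswith(NT_SYSTEMROOT):
        return system_root + p[len(NT_SYSTEMROOT):]  # \systemroot\x -> C:\WINDOWS\x
    if not p.startswith("\\"):
        return p                                     # already a Win32 path
    return None


@dataclass(frozen=True)
class Detection:
    section: str
    path: str
    family: str
    action: str
    win32_path: str | None
    resident: bool      # "Delete on reboot": object was still loaded when the scan ran


@dataclass
class MbamReport:
    database_version: str | None = None
    counts: dict[str, int] = field(default_factory=dict)   # from the summary block
    items: list[Detection] = field(default_factory=list)   # from the detail sections


_SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?\s*$")
_ITEM = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
_DBVER = re.compile(r"^Database version:\s*(\S+)")


def parse_mbam_log(text: str, system_root: str = SYSTEM_ROOT) -> MbamReport:
    report = MbamReport()
    section: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious items"):
            continue
        m = _DBVER.match(line)
        if m:
            report.database_version = m.group(1)
            continue
        m = _SECTION.match(line)
        if m:
            if m.group("count") is not None:       # summary line: "Files Infected: 1"
                report.counts[m.group("name")] = int(m.group("count"))
            else:                                   # detail header: "Files Infected:"
                section = m.group("name")
            continue
        m = _ITEM.match(line)
        if section and m:                           # only detail sections carry items
            report.items.append(Detection(
                section=section, path=m.group("path"), family=m.group("family"),
                action=m.group("action"),
                win32_path=to_win32_path(m.group("path"), system_root),
                resident=m.group("action").lower().startswith("delete on reboot"),
            ))
    return report


def count_mismatches(report: MbamReport) -> list[str]:
    """Sections whose summary count disagrees with the items actually listed;
    a mismatch means the log was truncated or edited before it reached you."""
    seen: dict[str, int] = {}
    for d in report.items:
        seen[d.section] = seen.get(d.section, 0) + 1
    return [name for name, n in report.counts.items() if seen.get(name, 0) != n]


def resident_objects(report: MbamReport) -> list[str]:
    """Win32 paths of objects MBAM could only schedule for deletion at reboot."""
    return [d.win32_path or d.path for d in report.items if d.resident]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("database", rep.database_version, "mismatches", count_mismatches(rep))
    for d in rep.items:
        print(f"{d.section:24} {d.family:14} {d.win32_path}  [{d.action}]")
```

The resident list is the one to carry forward: an object that could only be removed at reboot was loaded in memory during the scan, and on a system with a hooked kernel the "Quarantined and deleted successfully" verdict for the on-disk copy should be confirmed with a second tool after the reboot, which is what the ComboFix output later in this thread does.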

#9 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 12 August 2009 - 10:51 AM

triscope, you can leave Gmer for now.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


Download ComboFix from any of the links below. You must rename it before saving it. Save it to your desktop.

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    Link 1
    Link 2
    Link 3

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt.



#10 triscope
  • Topic Starter
  • Members
  • 11 posts

Posted 13 August 2009 - 04:06 PM

Hi again. Okay, I did run ComboFix and it did manage to remove the Olmarik trojan along with its files located in system32. I'm going to attempt to run GMER this time; hopefully it will complete, and I'll post the log of that as well once I get it. Thanks so much for being patient and helping me out! I really appreciate all this.

=======================
COMBOFIX LOG
=======================
ComboFix 09-08-10.06 - K0MPR3SS0R 13/08/2009 16:57.3.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1605 [GMT -4:00]
Running from: c:\downloads\Apps\12345.exe
AV: Avanquest VirusScanner Pro *On-access scanning enabled* (Updated) {6A383D4C-7657-408f-BD0D-B379B5C7C3BE}
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\geyekrnacofgqr.sys
c:\windows\system32\geyekressmbqmc.dll
c:\windows\system32\geyekrfubrovbd.dat
c:\windows\system32\geyekrhmgebqek.dll
c:\windows\system32\geyekrqwfbjswa.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_geyekrjlecfnli
-------\Legacy_geyekrjlecfnli


((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 20:47 . 2009-08-13 20:47 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-08-13 12:51 . 2001-08-23 18:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-08-08 16:50 . 2009-08-08 16:50 -------- d-----w- C:\rsit
2009-08-06 15:46 . 2009-08-06 16:16 -------- d-----w- c:\program files\Windows Lotto Pro 2000
2009-07-29 21:22 . 2009-07-29 21:22 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PopCap Games
2009-07-29 21:22 . 2009-07-29 21:22 -------- d-----w- c:\program files\PopCap Games
2009-07-22 22:28 . 2009-07-22 22:28 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Local Settings\Application Data\Easy CD-DA Extractor
2009-07-22 22:28 . 2009-07-22 22:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Easy CD-DA Extractor
2009-07-22 22:28 . 2009-07-22 22:28 -------- d-----w- c:\program files\Easy CD-DA Extractor 12
2009-07-22 22:28 . 2009-07-22 22:28 -------- d-----w- c:\windows\Easy CD-DA Extractor 12.0.1
2009-07-22 21:52 . 2009-07-22 21:52 -------- d-----w- C:\DriveKey
2009-07-22 21:31 . 2009-07-22 21:31 -------- d-----w- c:\program files\BootDisk2BootStick
2009-07-21 13:00 . 2009-07-21 13:00 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Local Settings\Application Data\CAPCOM
2009-07-21 12:47 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-21 12:47 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-21 12:47 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-21 12:47 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-21 12:47 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-21 12:47 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-21 12:46 . 2009-07-21 12:47 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-21 12:46 . 2009-07-21 12:46 -------- d-----w- c:\windows\system32\xlive
2009-07-20 23:15 . 2009-07-20 23:15 102800 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-20 22:29 . 2009-07-20 22:29 -------- d-----w- c:\program files\Trend Micro
2009-07-19 19:54 . 2009-07-19 19:54 -------- d-----w- c:\program files\HandBrake
2009-07-15 17:06 . 2000-09-13 10:14 155648 ----a-w- c:\windows\system32\Sde50.dll
2009-07-15 17:06 . 2000-09-13 09:14 266240 ----a-w- c:\windows\system32\SdeNsx50.dll
2009-07-15 14:01 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 14:01 . 2009-08-10 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 14:01 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 20:49 . 2008-03-15 14:31 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 4
2009-08-13 12:37 . 2008-02-22 22:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-13 12:25 . 2007-12-18 13:23 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-08-12 07:00 . 2007-12-21 19:19 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-10 20:35 . 2009-05-02 16:26 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-10 20:33 . 2008-01-19 23:46 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Application Data\uTorrent
2009-08-07 12:50 . 2008-08-14 00:57 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Application Data\FrostWire
2009-07-30 16:15 . 2007-12-25 21:54 444 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-29 19:44 . 2008-01-20 01:07 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Application Data\mIRC
2009-07-29 18:42 . 2008-01-20 01:07 -------- d-----w- c:\program files\mIRC
2009-07-22 21:52 . 2007-12-13 04:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-20 18:22 . 2009-07-20 18:22 361088 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-20 02:33 . 2009-04-02 14:36 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Application Data\AVI ReComp
2009-07-19 19:54 . 2007-12-15 20:11 79216 ----a-w- c:\documents and settings\K0MPR3SS0R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 03:22 . 2008-06-03 21:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Codemasters
2009-07-14 03:09 . 2009-07-14 03:09 -------- d-----w- c:\program files\ESET
2009-07-14 03:09 . 2009-07-14 03:09 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ESET
2009-07-14 03:03 . 2009-01-08 15:53 -------- d-----w- c:\program files\Brother
2009-07-14 03:03 . 2008-03-21 01:33 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-07-14 03:03 . 2008-03-21 01:33 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Roxio
2009-07-14 03:01 . 2008-02-23 19:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-13 20:54 . 2009-07-13 20:54 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Application Data\Media Player Classic
2009-07-08 22:43 . 2009-04-28 13:43 81984 ------w- c:\windows\system32\bdod.bin
2009-06-29 21:59 . 2007-12-13 20:05 -------- d-----w- c:\program files\Google
2009-06-24 15:38 . 2009-06-24 15:38 -------- d-----w- c:\documents and settings\K0MPR3SS0R\Application Data\Braid
2008-03-09 12:25 . 2009-02-15 22:05 236 ---ha-w- c:\program files\Common Files\dx.reg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 03:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-10-31 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-16 16855552]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-31 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"usnjsvc"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"PnkBstrA"=2 (0x2)
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)
"RoxLiveShare10"=2 (0x2)
"Roxio Upnp Server 10"=2 (0x2)
"Roxio UPnP Renderer 10"=3 (0x3)
"gupdate1c9cf58f3a58534"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"BRA_Scheduler"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Shareaza Applications\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Pro Home 2007\\sandra.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Pro Home 2007\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Pro Home 2007\\Win32\\RpcDataSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\ElectricSheep.scr"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Games\\BCR\\bcr.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\discover.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\AuditorServer.exe"=
"c:\\Program Files\\Brother\\BRAdmin Professional 3\\bradminv3.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Downloads\\Apps\\eclipse-SDK-3.3-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\OPNET EDU\\9.1.A\\sys\\pc_intel_win32\\bin\\itguru.exe"=
"c:\\Program Files\\Xming\\Xming.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Lotto Pro 2000\\proupdt.exe"=
"e:\\Games\\STREETFIGHTERIV\\StreetFighterIV.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"5900:TCP"= 5900:TCP:vncS
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [10/04/2008 9:04 AM 244736]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 2:23 PM 727720]
R3 JakNDis;Jaksta Service;c:\windows\system32\drivers\JakNDis.sys [04/08/2008 9:34 AM 26656]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [06/08/2004 8:17 PM 3584]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [03/02/2008 9:35 AM 35824]
S3 GPU-Z;GPU-Z; [x]
S3 I97DRIVER;I97DRIVER;\??\c:\progra~1\AVANQU~1\Fix-It\dgs.sys --> c:\progra~1\AVANQU~1\Fix-It\dgs.sys [?]
S3 MailScan;MailScan;\??\c:\progra~1\AVANQU~1\Fix-It\MailScan.sys --> c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [?]
S3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\@BIOS\markfun.w32 [08/02/2008 7:20 PM 17912]
S4 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [08/01/2009 11:53 AM 65536]
S4 gupdate1c9cf58f3a58534;Google Update Service (gupdate1c9cf58f3a58534);c:\program files\Google\Update\GoogleUpdate.exe [07/05/2009 5:15 PM 133104]
S4 RoxLiveShare10;LiveShare P2P Server 10; [x]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
TCP: {3DD2AE91-574F-4618-BBEB-CA2AD8A060D3} = 192.168.1.1
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\docume~1\K0MPR3~1\APPLIC~1\Mozilla\Firefox\Profiles\smklq0ud.default\
FF - prefs.js: browser.startup.homepage - hxxp://WWW.GOOGLE.CA
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 17:01
Windows 5.1.2600 Service Pack 3, v.3244 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\@BIOS\markfun.w32"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WINIO]
"ImagePath"="hý\12"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEEAFFC5-0BD7-F3DF-7011-80BCFF37286A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naiheniglkfdlnmkfggmgimakhlf"=hex:6a,61,6e,6d,6e,6e,69,6f,61,6b,6a,6f,70,6d,
6d,63,63,65,62,70,00,00
"machkmihekhnegfinkeifcpmml"=hex:6a,61,6d,6d,6b,61,68,66,6d,69,67,6a,6c,61,68,
68,6d,6c,6a,6c,00,62

[HKEY_USERS\S-1-5-21-1844237615-1284227242-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:56,95,5a,78,76,0e,a7,74,34,96,c8,fa,f2,72,66,12,bb,c6,91,82,ed,0e,28,
95,c3,4f,ac,1e,e9,45,31,ff,c5,61,cd,21,84,54,f7,6d,cd,83,e6,f6,f5,7c,f0,c6,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1844237615-1284227242-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:15,4b,ae,4f,a4,e7,6c,2e,1b,91,aa,68,1e,f3,53,72,a3,5d,84,04,64,
f5,8e,5d,b3,da,74,b5,ea,95,d4,81,90,b2,08,c4,b2,bf,99,33,e6,29,04,31,b3,33,\
"rkeysecu"=hex:a6,41,99,88,8b,02,4a,d9,a6,c0,1f,68,10,84,14,12

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Completion time: 2009-08-13 17:02
ComboFix-quarantined-files.txt 2009-08-13 21:02
ComboFix2.txt 2009-07-20 23:02
ComboFix3.txt 2009-07-17 19:42

Pre-Run: 26,818,682,880 bytes free
Post-Run: 26,906,157,056 bytes free

259 --- E O F --- 2009-08-13 12:25

#11 triscope
Topic Starter

Posted 13 August 2009 - 06:06 PM

Finally, after performing ComboFix, I was able to do a full run of GMER without blue screens. I no longer see or get any message in GMER about rootkit infections. Here is the log and a log of RSIT as well. I hope my system is finally clean now.... I will run MBAM and NOD32 as well to make sure there are no remainders.... I really hope this is over. Thanks again for all your help man!!

================================
GMER LOG
================================

GMER 1.0.15.15020 [073sjysq.exe] - http://www.gmer.net
Rootkit scan 2009-08-13 19:02:39
Windows 5.1.2600 Service Pack 3, v.3244


---- System - GMER 1.0.15 ----

SSDT 8917A630 ZwAssignProcessToJobObject
SSDT spiw.sys ZwCreateKey [0xB9EAB0E0]
SSDT spiw.sys ZwEnumerateKey [0xB9EC8CA2]
SSDT spiw.sys ZwEnumerateValueKey [0xB9EC9030]
SSDT spiw.sys ZwOpenKey [0xB9EAB0C0]
SSDT 89179A60 ZwOpenProcess
SSDT 89179E80 ZwOpenThread
SSDT spiw.sys ZwQueryKey [0xB9EC9108]
SSDT spiw.sys ZwQueryValueKey [0xB9EC8F88]
SSDT spiw.sys ZwSetValueKey [0xB9EC919A]
SSDT 8917A460 ZwSuspendProcess
SSDT 8917A280 ZwSuspendThread
SSDT 89179C90 ZwTerminateProcess
SSDT 8917A0B0 ZwTerminateThread

INT 0x63 ? 89C53BF8
INT 0x63 ? 89C53BF8
INT 0x63 ? 89C53BF8
INT 0x73 ? 8A991BF8
INT 0x73 ? 8A991BF8
INT 0x73 ? 8A991BF8
INT 0x83 ? 8A994BF8
INT 0x83 ? 89C53BF8
INT 0x83 ? 8A994BF8
INT 0x84 ? 89C53BF8
INT 0xA4 ? 89C53BF8
INT 0xB4 ? 8A91DBF8

---- Kernel code sections - GMER 1.0.15 ----

? spiw.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B8DEC8AC 5 Bytes JMP 89C531D8
.text a6dmxjb7.SYS B8CFA384 1 Byte [20]
.text a6dmxjb7.SYS B8CFA384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text a6dmxjb7.SYS B8CFA3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text a6dmxjb7.SYS B8CFA3C4 3 Bytes [00, 00, 00]
.text a6dmxjb7.SYS B8CFA3C9 1 Byte [00]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1976] kernel32.dll!SetUnhandledExceptionFilter 7C84487D 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EAC040] spiw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EAC13C] spiw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EAC0BE] spiw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EAC7FC] spiw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EAC6D2] spiw.sys
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!KfAcquireSpinLock] A792B479
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!READ_PORT_UCHAR] A999B970
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!KeGetCurrentIrql] BB84AE6B
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!KfRaiseIrql] [B58FA362] \SystemRoot\system32\DRIVERS\mcdbus.sys (MagicISO SCSI Host Controller/MagicISO, Inc.)
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!KfLowerIrql] 9FBE805D
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!HalGetInterruptVector] 91B58D54
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!HalTranslateBusAddress] 83A89A4F
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!KeStallExecutionProcessor] 8DA39746
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!KfReleaseSpinLock] 00000063
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0000007C
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!READ_PORT_USHORT] 00000077
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 0000007B
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[HAL.dll!WRITE_PORT_UCHAR] 000000F2
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[WMILIB.SYS!WmiSystemControl] 0000006F
IAT \SystemRoot\System32\Drivers\a6dmxjb7.SYS[WMILIB.SYS!WmiCompleteRequest] 000000C5

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A98F1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\usbuhci \Device\USBPDO-0 89D8F1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A91E1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A91E1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A91E1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A91E1F8
Device \Driver\usbuhci \Device\USBPDO-1 89D8F1F8
Device \Driver\usbuhci \Device\USBPDO-2 89D8F1F8
Device \Driver\sptd \Device\2262166434 spiw.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{3DD2AE91-574F-4618-BBEB-CA2AD8A060D3} 89C7C500
Device \Driver\usbehci \Device\USBPDO-3 89C3F440
Device \Driver\PCI_PNP6434 \Device\00000054 spiw.sys
Device \Driver\usbuhci \Device\USBPDO-4 89D8F1F8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\usbuhci \Device\USBPDO-5 89D8F1F8
Device \Driver\usbuhci \Device\USBPDO-6 89D8F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A9921F8
Device \Driver\usbehci \Device\USBPDO-7 89C3F440
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A9921F8
Device \Driver\Cdrom \Device\CdRom0 89C351F8
Device \Driver\Cdrom \Device\CdRom1 89C351F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A9911F8
Device \Driver\atapi \Device\Ide\IdePort0 8A9911F8
Device \Driver\atapi \Device\Ide\IdePort1 8A9911F8
Device \Driver\Cdrom \Device\CdRom2 89C351F8
Device \Driver\Cdrom \Device\CdRom3 89C351F8
Device \Driver\Cdrom \Device\CdRom4 89C351F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89C7C500
Device \Driver\NetBT \Device\NetbiosSmb 89C7C500
Device \Driver\usbuhci \Device\USBFDO-0 89D8F1F8
Device \Driver\usbuhci \Device\USBFDO-1 89D8F1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89DC7500
Device \Driver\usbuhci \Device\USBFDO-2 89D8F1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89DC7500
Device \Driver\usbehci \Device\USBFDO-3 89C3F440
Device \Driver\usbuhci \Device\USBFDO-4 89D8F1F8
Device \Driver\Ftdisk \Device\FtControl 8A9921F8
Device \Driver\usbuhci \Device\USBFDO-5 89D8F1F8
Device \Driver\usbuhci \Device\USBFDO-6 89D8F1F8
Device \Driver\usbehci \Device\USBFDO-7 89C3F440
Device \Driver\jraid \Device\Scsi\jraid1Port3Path0Target0Lun0 8A9901F8
Device \Driver\a6dmxjb7 \Device\Scsi\a6dmxjb71Port6Path0Target0Lun0 89AA81F8
Device \Driver\a6dmxjb7 \Device\Scsi\a6dmxjb71Port6Path0Target1Lun0 89AA81F8
Device \Driver\a6dmxjb7 \Device\Scsi\a6dmxjb71 89AA81F8
Device \Driver\c2scsi \Device\Scsi\c2scsi1Port5Path0Target0Lun0 89BF4500
Device \Driver\jraid \Device\Scsi\jraid1 8A9901F8
Device \Driver\c2scsi \Device\Scsi\c2scsi1 89BF4500
Device \FileSystem\Cdfs \Cdfs 89AE3370

---- Threads - GMER 1.0.15 ----

Thread System [4:664] 89178790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\MediaCategories\zEEF86A90-3742-4974-B8D2-5370E1C540F6}@Name HD Line Out DAC(s) for rear panel
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8B 0x0A 0x02 0xD5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x25 0x15 0xDC 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEC 0xC8 0x48 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD2 0x5B 0x4D 0x73 ...
Reg HKLM\SYSTEM\ControlSet003\Control\Keyboard Layouts\00000$19@Layout Text Russian
Reg HKLM\SYSTEM\ControlSet003\Control\Keyboard Layouts\00000$19@Layout Display Name @%SystemRoot%\system32\input.dll,-5055
Reg HKLM\SYSTEM\ControlSet003\Control\Keyboard Layouts\00000$19@Layout File KBDRU.DLL
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8B 0x0A 0x02 0xD5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x25 0x15 0xDC 0x8C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEC 0xC8 0x48 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD2 0x5B 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\shellcom\{B0D5CBA9-7917-44fa-AD19-42F93ED98E7B}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\shellcom\{B0D5CBA9-7917-44fa-AD19-42F93ED98E7B}@Init 0xAA 0xC0 0x2C 0xAE ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\shellcom\{B0D5CBA9-7917-44fa-AD19-42F93ED98E7B}@Version 34080260
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEEAFFC5-0BD7-F3DF-7011-80BCFF37286A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEEAFFC5-0BD7-F3DF-7011-80BCFF37286A}@naiheniglkfdlnmkfggmgimakhlf 0x6A 0x61 0x6E 0x6D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEEAFFC5-0BD7-F3DF-7011-80BCFF37286A}@machkmihekhnegfinkeifcpmml 0x6A 0x61 0x6D 0x6D ...

---- EOF - GMER 1.0.15 ----
======================================
RSIT LOG
======================================

Logfile of random's system information tool 1.06 (written by random/random)
Run by K0MPR3SS0R at 2009-08-13 19:03:15
Microsoft Windows XP Professional Service Pack 3, v.3244
System drive C: has 26 GB (13%) free of 200 GB
Total RAM: 2046 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:16 PM, on 13/08/2009
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Downloads\Apps\073sjysq.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Downloads\Apps\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\K0MPR3SS0R.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD2AE91-574F-4618-BBEB-CA2AD8A060D3}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10144 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1 Copernic Intra-Daily ~MONSTER K0MPR3SS0R.job
C:\WINDOWS\tasks\2 Copernic Daily ~MONSTER K0MPR3SS0R.job
C:\WINDOWS\tasks\3 Copernic Weekly ~MONSTER K0MPR3SS0R.job
C:\WINDOWS\tasks\4 Copernic Monthly ~MONSTER K0MPR3SS0R.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\NatSpeak Periodic Acoustic Optimization.job
C:\WINDOWS\tasks\NatSpeak Periodic Language Model Optimization.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class - C:\PROGRA~1\FlashGet\getflash.dll [2006-09-12 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Copernic Agent - C:\PROGRA~1\COPERN~1\COPERN~1.DLL [2004-12-02 1142744]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-08 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-07-12 178712]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-15 13680640]
"nwiz"=nwiz.exe /install []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2007-12-13 2051096]
"Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2007-12-13 2095640]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"DNS7reminder"=C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [2007-04-16 259624]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"VX3000"=C:\WINDOWS\vVX3000.exe [2008-08-04 721936]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2008-08-04 160800]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-15 86016]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-10-31 1695232]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-10-31 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bandwidth Monitor Pro]
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe [2005-02-16 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2007-10-31 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2009-02-06 3325952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2007-10-31 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2007-12-06 1910040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3
"Nero BackItUp Scheduler 3"=2
"Microsoft Office Groove Audit Service"=3
"Apple Mobile Device"=2
"usnjsvc"=3
"SandraTheSrv"=3
"SandraDataSrv"=3
"PnkBstrA"=2
"RoxWatch10"=2
"RoxMediaDB10"=3
"RoxLiveShare10"=2
"Roxio Upnp Server 10"=2
"Roxio UPnP Renderer 10"=3
"gupdate1c9cf58f3a58534"=2
"Brother XP spl Service"=2
"BRA_Scheduler"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza Applications\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Gigabyte\@BIOS\gwflash.exe"="C:\Program Files\Gigabyte\@BIOS\gwflash.exe:*:Enabled:gwflash"
"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\sandra.exe:*:Enabled:SiSoftware Sandra Pro Home"
"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Pro Home"
"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Pro Home"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\ElectricSheep.scr"="C:\WINDOWS\system32\ElectricSheep.scr:*:Enabled:ElectricSheep"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\RealVNC\VNC4\vncviewer.exe"="C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:Run VNC Viewer"
"C:\Games\BCR\bcr.exe"="C:\Games\BCR\bcr.exe:*:Enabled:Bionic Commando Rearmed"
"C:\Program Files\Maple 12\jre\bin\maple.exe"="C:\Program Files\Maple 12\jre\bin\maple.exe:*:Enabled:Maple 12"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Brother\BRAdmin Professional 3\discover.exe"="C:\Program Files\Brother\BRAdmin Professional 3\discover.exe:*:Enabled:BRAdmin Professional 3"
"C:\Program Files\Brother\BRAdmin Professional 3\AuditorServer.exe"="C:\Program Files\Brother\BRAdmin Professional 3\AuditorServer.exe:*:Enabled:BRAdmin Professional 3"
"C:\Program Files\Brother\BRAdmin Professional 3\bradminv3.exe"="C:\Program Files\Brother\BRAdmin Professional 3\bradminv3.exe:*:Enabled:BRAdmin Professional 3"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
"C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Downloads\Apps\eclipse-SDK-3.3-win32\eclipse\eclipse.exe"="C:\Downloads\Apps\eclipse-SDK-3.3-win32\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\OPNET EDU\9.1.A\sys\pc_intel_win32\bin\itguru.exe"="C:\Program Files\OPNET EDU\9.1.A\sys\pc_intel_win32\bin\itguru.exe:*:Enabled:OPNET 9.1.A"
"C:\Program Files\Xming\Xming.exe"="C:\Program Files\Xming\Xming.exe:*:Enabled:Xming X Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Lotto Pro 2000\proupdt.exe"="C:\Program Files\Windows Lotto Pro 2000\proupdt.exe:*:Enabled:proupdt"
"E:\Games\STREETFIGHTERIV\StreetFighterIV.exe"="E:\Games\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\sandra.exe:*:Enabled:SiSoftware Sandra Pro Home"
"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Pro Home"
"C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Pro Home"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-08-13 17:11:46 ----D---- C:\WINDOWS\LastGood
2009-08-13 17:02:59 ----A---- C:\ComboFix.txt
2009-08-13 16:50:40 ----SD---- C:\12345
2009-08-13 16:47:03 ----D---- C:\Program Files\Eusing Free Registry Cleaner
2009-08-08 12:50:02 ----D---- C:\rsit
2009-08-06 11:46:59 ----D---- C:\Program Files\Windows Lotto Pro 2000
2009-07-29 17:22:23 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap Games
2009-07-29 17:22:19 ----D---- C:\Program Files\PopCap Games
2009-07-22 18:28:38 ----D---- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
2009-07-22 18:28:37 ----D---- C:\WINDOWS\Easy CD-DA Extractor 12.0.1
2009-07-22 18:28:37 ----D---- C:\Program Files\Easy CD-DA Extractor 12
2009-07-22 17:52:48 ----D---- C:\DriveKey
2009-07-22 17:31:23 ----D---- C:\Program Files\BootDisk2BootStick
2009-07-21 08:47:05 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-07-21 08:47:05 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-07-21 08:47:05 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-07-21 08:47:05 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-07-21 08:47:05 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-07-21 08:47:05 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-07-21 08:46:55 ----D---- C:\WINDOWS\system32\xlive
2009-07-21 08:46:55 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-07-20 18:29:34 ----D---- C:\Program Files\Trend Micro
2009-07-19 15:54:23 ----D---- C:\Program Files\HandBrake
2009-07-17 15:22:25 ----A---- C:\Boot.bak
2009-07-17 15:22:12 ----RASHD---- C:\cmdcons
2009-07-17 15:12:29 ----A---- C:\WINDOWS\zip.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\SWSC.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\SWREG.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\sed.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\PEV.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-17 15:12:29 ----A---- C:\WINDOWS\grep.exe
2009-07-17 15:11:24 ----D---- C:\WINDOWS\ERDNT
2009-07-17 15:08:33 ----D---- C:\Qoobox
2009-07-15 13:06:56 ----A---- C:\WINDOWS\system32\SdeNsx50.dll
2009-07-15 13:06:56 ----A---- C:\WINDOWS\system32\Sde50.dll
2009-07-15 10:01:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of files/folders modified in the last 1 months======

2009-08-13 19:03:01 ----D---- C:\WINDOWS\Prefetch
2009-08-13 17:13:03 ----D---- C:\WINDOWS\Temp
2009-08-13 17:11:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-13 17:11:46 ----ASHD---- C:\WINDOWS
2009-08-13 17:11:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-13 17:11:19 ----D---- C:\WINDOWS\Minidump
2009-08-13 17:03:01 ----D---- C:\WINDOWS\system32
2009-08-13 17:01:30 ----A---- C:\WINDOWS\system.ini
2009-08-13 17:00:22 ----D---- C:\WINDOWS\system32\drivers
2009-08-13 17:00:22 ----D---- C:\WINDOWS\AppPatch
2009-08-13 17:00:20 ----D---- C:\Program Files\Common Files
2009-08-13 16:57:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-13 16:56:43 ----D---- C:\WINDOWS\system32\config
2009-08-13 16:50:56 ----D---- C:\WINDOWS\system32\Restore
2009-08-13 16:49:56 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 4
2009-08-13 16:47:03 ----RD---- C:\Program Files
2009-08-13 09:00:43 ----HD---- C:\WINDOWS\inf
2009-08-13 09:00:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-13 09:00:17 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-13 08:37:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-13 08:25:41 ----SHD---- C:\WINDOWS\Installer
2009-08-13 08:25:40 ----SHD---- C:\Config.Msi
2009-08-13 08:25:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-08-12 03:00:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-11 17:47:09 ----D---- C:\Games
2009-08-10 16:36:42 ----SHD---- C:\System Volume Information
2009-08-10 16:35:06 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-10 16:33:05 ----D---- C:\Documents and Settings\K0MPR3SS0R\Application Data\uTorrent
2009-08-07 08:50:22 ----D---- C:\Documents and Settings\K0MPR3SS0R\Application Data\FrostWire
2009-08-04 17:50:14 ----A---- C:\WINDOWS\BRWMARK.INI
2009-08-04 17:50:14 ----A---- C:\WINDOWS\BRPP2KA.INI
2009-07-29 15:44:47 ----D---- C:\Documents and Settings\K0MPR3SS0R\Application Data\mIRC
2009-07-29 14:42:37 ----D---- C:\Program Files\mIRC
2009-07-29 03:00:19 ----D---- C:\WINDOWS\WinSxS
2009-07-22 17:52:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-21 08:47:05 ----D---- C:\WINDOWS\system32\DirectX
2009-07-19 22:33:23 ----D---- C:\Documents and Settings\K0MPR3SS0R\Application Data\AVI ReComp
2009-07-19 15:31:22 ----D---- C:\Downloads
2009-07-17 15:22:27 ----RASH---- C:\boot.ini
2009-07-14 10:02:54 ----A---- C:\WINDOWS\win.ini
2009-07-14 08:59:19 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 c2scsi;c2scsi; C:\WINDOWS\system32\drivers\c2scsi.sys [2007-01-10 244736]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-10-30 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-10-30 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-10-30 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-10-30 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 JakNDis;Jaksta Service; C:\WINDOWS\system32\DRIVERS\JakNDis.sys [2008-08-04 26656]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-10-30 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-10-30 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-10-30 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-10-30 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-10-30 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S1 WINIO;WINIO; hý []
S3 a6dmxjb7;a6dmxjb7; C:\WINDOWS\system32\drivers\a6dmxjb7.sys []
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\K0MPR3~1\LOCALS~1\Temp\aujasnkj.sys []
S3 catchme;catchme; \??\C:\12345\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2007-10-30 17024]
S3 CH341SER;CH341SER; C:\WINDOWS\System32\Drivers\CH341SER.SYS [2006-06-05 35824]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GPU-Z;GPU-Z; C:\WINDOWS\system32\drivers\GPU-Z.sys []
S3 I97DRIVER;I97DRIVER; \??\C:\PROGRA~1\AVANQU~1\Fix-It\dgs.sys []
S3 MailScan;MailScan; \??\C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys []
S3 MarkFun_NT;MarkFun_NT; \??\C:\Program Files\Gigabyte\@BIOS\markfun.w32 []
S3 mbr;mbr; \??\C:\DOCUME~1\K0MPR3~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2007-10-30 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2007-10-30 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2007-10-30 10880]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.06\RivaTuner32.sys []
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2007-10-30 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2007-10-30 15232]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2007-10-30 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-10-30 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-10-30 26368]
S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2008-08-04 1964816]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2008-01-24 29192]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2007-10-30 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 KLIF;KLIF; \??\C:\WINDOWS\system32\drivers\klif.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 .EsetTrialReset;Eset Trial Reset; C:\WINDOWS\system32\regedt32.exe [2004-08-06 3584]
S2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-12 354840]
S2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896]
S2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-15 163908]
S2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
S2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Visual Studio Analyzer RPC bridge;Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [1998-06-06 34036]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-10-31 14336]
S4 BRA_Scheduler;Brother BRAdminPro Scheduler; C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe [2007-09-03 65536]
S4 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
S4 gupdate1c9cf58f3a58534;Google Update Service (gupdate1c9cf58f3a58534); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-07 133104]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-10 66872]
S4 SandraDataSrv;Sandra Data Service; C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\Win32\RpcDataSrv.exe [2006-05-05 117288]
S4 SandraTheSrv;Sandra Service; C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe [2006-05-05 1231400]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------
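
The driver list in the RSIT log above shows what a responder reads first: entries whose image has no recorded timestamp or size (the trailing `[]`), images that load from a user's Temp folder, and services whose name carries no descriptive display name. The following is an added example for this thread, not code from RSIT, ComboFix, Rooter or any other tool mentioned here; it parses lines in the driver-list layout inferred from the log's own header (R/S state, 0..4 start type, `name;display; path [date size]`), which is an assumption about RSIT's format, and reports such entries as leads for an analyst. The sample lines are copied from the log above. It does not decide what is malicious: legitimate anti-rootkit utilities also load drivers from Temp with nothing recorded, so each hit has to be cross-checked against the tools that were actually run on the machine.

```python
"""Triage heuristics for the "List of drivers" section of an RSIT log.

Added example for this thread; not code from RSIT, ComboFix, Rooter or
any other tool named here. The field layout is taken from the log's own
header line ("R=Running, S=Stopped, 0=Boot ... 4=Disabled") and the
entries themselves, which is an assumption about RSIT's format.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# A few lines copied from the driver list above, used as sample input.
SAMPLE_DRIVERS = r"""
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-10-30 36352]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
S1 WINIO;WINIO; hý []
S3 a6dmxjb7;a6dmxjb7; C:\WINDOWS\system32\drivers\a6dmxjb7.sys []
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\K0MPR3~1\LOCALS~1\Temp\aujasnkj.sys []
S3 catchme;catchme; \??\C:\12345\catchme.sys []
S3 GPU-Z;GPU-Z; C:\WINDOWS\system32\drivers\GPU-Z.sys []
"""

# "<R|S><start> <service>;<display name>; <image path> [<yyyy-mm-dd> <size>]"
# An empty "[]" means the tool recorded no timestamp or size for the image.
DRIVER_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*) \[([^\]]*)\]$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
VOWELS = set("aeiou")


@dataclass
class Driver:
    state: str        # "running" or "stopped"
    start: str        # start type, e.g. "demand"
    name: str         # service name
    display: str      # display name (often identical to the service name)
    path: str         # image path as recorded in the log
    meta: str         # "<date> <size>" or "" when nothing was recorded
    reasons: List[str] = field(default_factory=list)


def parse_driver_line(line: str) -> Optional[Driver]:
    """Return a Driver for one log line, or None for lines in another format."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, meta = m.groups()
    return Driver("running" if state == "R" else "stopped",
                  START_TYPES.get(start, start), name, display, path, meta)


def looks_random(name: str) -> bool:
    """Eight lowercase alphanumerics containing a digit or a run of 4+ consonants.

    Deliberately loose: ordinary names such as "intelppm" also match, so
    triage() only applies it to services with no descriptive display name.
    """
    if not re.fullmatch(r"[a-z0-9]{8}", name):
        return False
    if any(ch.isdigit() for ch in name):
        return True
    run = longest = 0
    for ch in name:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4


def triage(drv: Driver) -> Driver:
    """Attach the reasons an analyst would want to look at this entry, if any."""
    lowered = drv.path.lower()
    if drv.meta == "":
        drv.reasons.append("no file timestamp/size recorded")
    if "\\temp\\" in lowered:
        drv.reasons.append("image loads from a Temp directory")
    if "\\" not in drv.path:
        drv.reasons.append("image path is not a file path")
    if drv.display == drv.name and looks_random(drv.name):
        drv.reasons.append("random-looking name with no descriptive display name")
    return drv


def analyze_drivers(text: str) -> List[Driver]:
    """Parse every driver line in text and return the entries with at least one reason."""
    hits = []
    for line in text.splitlines():
        drv = parse_driver_line(line)
        if drv is not None and triage(drv).reasons:
            hits.append(drv)
    return hits


if __name__ == "__main__":
    # A hit is a lead, not a verdict: anti-rootkit utilities also drop
    # drivers in Temp with nothing recorded, so cross-check each path
    # against the tools that were run on the machine.
    for d in analyze_drivers(SAMPLE_DRIVERS):
        print(f"{d.name:<10} {d.state}/{d.start:<8} {d.path}")
        for r in d.reasons:
            print(f"    - {r}")
```

Run against the full "List of drivers" block rather than the sample to triage a complete log; entries that pass all four checks are simply not reported, so the output is the short list a helper would ask about next.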

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 15 August 2009 - 11:52 AM

Hi triscope,

Please do not run any other scan while I am helping you. I need to be able to see what changes are happening and what is being removed;
just follow my instructions, then wait for my reply.

Combofix says that you still have 3 AV's installed. Did you not get rid of these like I instructed? Also, did you pay for all these AV's?

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

Next

Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator
  • Allow it to run when you get a Security Warning
  • A black Command Window will open saying: "Please Wait..."
  • It will now begin to scan, please be patient. The scan should not take more than 2 minutes
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter.txt
  • Please post the contents of that log in your next reply
Then please post back here with the following:
  • checkup.txt
  • Rooter.txt
Thanks



#13 triscope

triscope
  • Topic Starter

  • Members
  • 11 posts

Posted 19 August 2009 - 07:32 AM

Hi syler. Yeah I did install those A/V's a while back but they were uninstalled. For some reason combofix was seeing them as being still in the system, but I found that only stray registry keys were still there, which is maybe why it showed up. But I can assure you that those A/V's weren't running. I did another scan and nothing came up after cleaning the registry. As for the A/V's, if I bought them, to be honest, I didn't. I installed so many of them over the years to see which ones were better. Some were free, some were not. I know it's not right, but that's just the way it is for me.

So far I don't see any more warnings or popups and my scans came out clean. I know you didn't want me doing that so I'm sorry. Just wanted to let you know that I think my system is clean now. Anyways here are the logs I posted for what you wanted.

===============================
CHECKUP.TXT
===============================
Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 4
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET NOD32 Antivirus

ESET NOD32 Antivirus

Antivirus out of date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Eusing Free Registry Cleaner
Microsoft VM for Java
Java™ 6 Update 3
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.5
Chinese Traditional Fonts Support For Adobe Reader 8
``````````````````````````````
Process Check:
objlist.exe by Laurent



``````````````````````````````
DNS Vulnerability Check:


`````````End of Log```````````





=======================================
ROOTER.TXT
=======================================
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3, v.3244
[32_bits] - x86 Family 6 Model 15 Stepping 11, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 7.0.5730.13
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:195 Go - Free:24 Go )
D:\ [CD_Rom]
E:\ [Fixed-NTFS] .. ( Total:736 Go - Free:650 Go )
F:\ [CD_Rom]
G:\ [CD_Rom]
H:\ [CD_Rom]
I:\ [Removable]
J:\ [CD_Rom]
.
Scan : 08:25.41
Path : E:\downloads2\apps\Rooter.exe
User : K0MPR3SS0R ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (1036)
______ \??\C:\WINDOWS\system32\csrss.exe (1124)
______ \??\C:\WINDOWS\system32\winlogon.exe (1148)
______ C:\WINDOWS\system32\services.exe (1196)
______ C:\WINDOWS\system32\lsass.exe (1208)
______ C:\WINDOWS\system32\svchost.exe (1376)
______ C:\WINDOWS\system32\svchost.exe (1444)
______ C:\WINDOWS\System32\svchost.exe (1556)
______ C:\WINDOWS\system32\svchost.exe (1708)
______ C:\WINDOWS\system32\svchost.exe (1748)
______ C:\WINDOWS\system32\spoolsv.exe (1916)
______ C:\WINDOWS\Explorer.EXE (556)
______ C:\WINDOWS\RTHDCPL.EXE (816)
______ C:\WINDOWS\system32\xRaidSetup.exe (832)
______ C:\WINDOWS\system32\oodtray.exe (840)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (856)
______ C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (900)
______ C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (960)
______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (940)
______ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (168)
______ C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (1168)
______ C:\Program Files\Messenger\msmsgs.exe (1344)
______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (1492)
______ C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (1580)
______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (1636)
______ C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (1888)
______ C:\Program Files\DAEMON Tools Lite\daemon.exe (1772)
______ C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (1964)
______ C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\G15NetSpeed\G15NetSpeed.exe (2024)
______ C:\WINDOWS\System32\svchost.exe (340)
______ C:\Program Files\Windows Media Player\WMPNSCFG.exe (588)
______ C:\WINDOWS\system32\ctfmon.exe (616)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (748)
______ C:\WINDOWS\system32\nvsvc32.exe (1648)
______ C:\WINDOWS\system32\oodag.exe (1696)
______ C:\WINDOWS\system32\svchost.exe (2480)
______ C:\Program Files\Windows Media Player\WMPNetwk.exe (2740)
______ C:\WINDOWS\System32\alg.exe (2452)
______ C:\WINDOWS\system32\DllHost.exe (1872)
______ C:\Program Files\Google\Update\GoogleUpdate.exe (3720)
______ C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (3292)
______ c:\program files\common files\installshield\updateservice\isuspm.exe (1312)
______ C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (404)
______ C:\Program Files\Winamp\winamp.exe (2424)
______ C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\FreeYouTubeToMP3Converter.exe (5700)
______ C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe (3828)
______ E:\downloads2\apps\SecurityCheck.exe (3568)
______ C:\WINDOWS\system32\cmd.exe (5116)
______ C:\WINDOWS\system32\notepad.exe (5652)
______ E:\downloads2\apps\Rooter.exe (768)
______ C:\WINDOWS\system32\wuauclt.exe (3480)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:209711706624)
\Device\Harddisk0\Partition0 (Start_Offset:209711738880 | Length:790465858560)
\Device\Harddisk0\Partition2 (Start_Offset:209711771136 | Length:790465826304)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~MONSTER K0MPR3SS0R.job
C:\WINDOWS\Tasks\2 Copernic Daily ~MONSTER K0MPR3SS0R.job
C:\WINDOWS\Tasks\3 Copernic Weekly ~MONSTER K0MPR3SS0R.job
C:\WINDOWS\Tasks\4 Copernic Monthly ~MONSTER K0MPR3SS0R.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\NatSpeak Periodic Acoustic Optimization.job
C:\WINDOWS\Tasks\NatSpeak Periodic Language Model Optimization.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\K0MPR3~1\Application Data\Avanquest\Fix-It\Quarantine\Data\crack.exe.QUAR00.QUAR0D
C:\DOCUME~1\K0MPR3~1\Favorites\Boing Boing Microsoft Genuine Advantage cracked in 24h window.g_sDisableWGACheck='all'.url
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 08:26.04
.
C:\Rooter$\Rooter_1.txt - (19/08/2009 | 08:26.04).c

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 21 August 2009 - 09:33 AM

IMPORTANT NOTE: Your scan log results indicate you are using keygens/crack tools.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


Well, thank you for being honest, but if you want me to carry on assisting you, you will need to remove any illegal software, which it appears you have quite a lot of, as well as an illegal OS.

For some reason ComboFix was seeing them as being still in the system, but I found that only stray registry keys were still there, which is maybe why it showed up. But I can assure you that those A/Vs weren't running. I did another scan and nothing came up after cleaning the registry.


Do not run ComboFix unless I ask you to. It is a very powerful tool and does not need to be run just to check something like this; that is why I asked you to run Security Check. Don't run any other scans either; I will tell you when you look clean, which is not yet.

Another point: I have noticed that you are not following my instructions correctly. Can you please follow them exactly as they are written? If they ask you to save a tool to the desktop, then that is what I want you to do. There are reasons why we ask you to do this, and you don't need to worry about cluttering your desktop because all the tools we use should be removed when we are finished. Also, do not run any of the tools at the same time; run each step one at a time, OK?


Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "Remove":

ESET NOD32 Antivirus

Additional instructions can be found under Add or Remove Programs.

Next

First delete the copy of ComboFix you already have, then download a new copy and save it to your Desktop.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FileLook::
c:\windows\system32\drivers\TCPIP.SYS
Regnull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
DDS::
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Next

Please run a BitDefender Online Scan

Note: only works with Internet Explorer.
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop as results.txt and post it in your next reply.
Then post back with Combofix.txt and the Bitdefender report.



#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:10 PM

Posted 26 August 2009 - 09:24 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
