
explorer may be corrupted


  • This topic is locked
4 replies to this topic

#1 damascus

  • Members
  • 3 posts

Posted 20 February 2010 - 05:54 PM

Hello all. I've been having weird problems with Explorer for a while now. It started around a month ago when Internet Explorer had black screens. Not that I use it, but sometimes I use it when a page doesn't seem to work in FF. I have SUPERAntiSpyware, Malwarebytes Anti-Malware, and ESET Smart Security and they've found nothing. I think maybe they detected and removed something long ago but the malware left IE or Explorer partially corrupted.

Sometimes I notice an hourglass or busy thing on the cursor whenever I'm looking at thumbnailed images. I've had it repeatedly when using DVDShrink. And sometimes explorer.exe in the process list seems to have a slight memory leak at 50 MB. Can anyone help? Thanks.

The HJ log seems clean as far as I can tell.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:00 PM, on 2/20/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ClipCache\clipc.exe
C:\Program Files\Blaze Media Pro\NMSAccess32.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trillian4\trillian.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://xtoff/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /start
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /start
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\peerblock\peerblock.exe
O4 - Startup: ClipCache Pro.lnk = C:\Program Files\ClipCache\clipc.exe
O4 - Global Startup: ClipCache Pro.lnk = C:\Program Files\ClipCache\clipc.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197766304268
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Professional\nmsaccessu.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe



#2 syler

  • Malware Response Team
  • 8,150 posts

Posted 22 February 2010 - 04:04 PM

Hello,

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both logs: log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with GMER's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log
Thanks

Edited by syler, 22 February 2010 - 04:06 PM.



#3 damascus

  • Topic Starter

  • Members
  • 3 posts

Posted 22 February 2010 - 06:32 PM

Thank you for replying. I've included 2 of the 3 logs because the last part you asked for sounds dangerous. I installed XP SP3 today, and I think the problem might be gone.

info.txt logfile of random's system information tool 1.06 2010-02-22 18:20:49

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\utorrent\uTorrent.exe" /UNINSTALL
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
AbiWord 2.6.3-->C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
AbiWord Importer/Exporter Plugins-->"C:\Program Files\AbiSuite2\AbiWord\plugins\UninstallAbiWordIEPlugins.exe"
AbiWord Tools Plugins-->"C:\Program Files\AbiSuite2\AbiWord\plugins\UninstallAbiWordToolsPlugins.exe"
Adaptec UDF Reader-->C:\WINDOWS\system32\UDFRUNIN.EXE
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
Adobe® Flash® Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e_Plugin.exe -maintain plugin
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Alien Skin Eye Candy 5 Impact-->C:\PROGRA~1\Adobe\ADOBEP~2\Plug-ins\ALIENS~1\EYECAN~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~2\Plug-ins\ALIENS~1\EYECAN~1\INSTALL.LOG
Alien Skin Eye Candy 5 Nature-->C:\PROGRA~1\Adobe\ADOBEP~2\Plug-ins\ALIENS~1\EYECAN~2\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~2\Plug-ins\ALIENS~1\EYECAN~2\INSTALL.LOG
Alien Skin Eye Candy 5 Textures-->C:\PROGRA~1\Adobe\ADOBEP~2\Plug-ins\ALIENS~1\EYECAN~3\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~2\Plug-ins\ALIENS~1\EYECAN~3\INSTALL.LOG
Alien Skin Image Doctor 2-->C:\PROGRA~1\Adobe\ADOBEP~2\Plug-ins\ALIENS~1\IMAGED~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~2\Plug-ins\ALIENS~1\IMAGED~1\INSTALL.LOG
AllWebMenus 5 Pro-->C:\PROGRA~1\ALLWEB~1\UNWISE.EXE C:\PROGRA~1\ALLWEB~1\INSTALL.LOG
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apophysis 2.0-->"C:\Program Files\Apophysis 2.0\uninstall.exe"
ArtifactMage-->MsiExec.exe /I{45B4747A-9B41-43B2-989A-B2771021911F}
ATMA V 5.05-->C:\Games\DIABLO~1\ATMAV~1\Setup.exe /remove
Axialis Professional Screen Saver Producer 3.6-->C:\Program Files\Axialis\Professional Screen Saver Producer\UnInstall.exe "Professional Screen Saver Producer" "AxScrProd.exe"
Bandwidth Monitor-->"C:\Program Files\Rokario\Bandwidth Monitor\unins000.exe"
Battle.net-->C:\WINDOWS\bnetunin.exe
Bejeweled 2 Deluxe-->C:\WINDOWS\iun6002ev.exe "C:\Games\Popcap\Bejeweled 2 Deluxe\irunin.ini"
Bigfish Games 7 Wonders II Second Edition-->"C:\WINDOWS\Bigfish Games 7 Wonders II Second Edition\uninstall.exe" "/U:C:\Games\Popcap\7 Wonders II\Uninstall\uninstall.xml"
Bit Che-->"C:\Program Files\Bit Che\unins000.exe"
Blaze Media Pro-->"C:\Documents and Settings\All Users\Application Data\{B10A9EE2-3B21-44A2-A778-D14E0C4BB591}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Blaze Media Pro-->C:\Documents and Settings\All Users\Application Data\{B10A9EE2-3B21-44A2-A778-D14E0C4BB591}\setup_blazemp.exe
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Bookworm Adventures Deluxe-->C:\Games\BOOKWO~1\UNWISE.EXE /U C:\Games\BOOKWO~1\INSTALL.LOG
BurnAware Professional 2.3.0-->"C:\Program Files\BurnAware Professional\unins000.exe"
BurnAware Professional 2.3.8-->"C:\Program Files\BurnAware Professional\unins001.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDRoller version 7.00-->"C:\Program Files\CDRoller\unins000.exe"
ClipCache Pro 3.1.3-->"C:\Program Files\ClipCache\unins000.exe"
CloneDVD 4.1.0.23-->"C:\Program Files\CloneDVD\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CryptCD5.0-->c:\Program Files\Timesave Software\CryptCD 5.0\ccd5uninst.exe
Deep Space 3D Screensaver 1.0-->"C:\Program Files\Deep Space 3D Screensaver\unins000.exe"
Desktop Wallpaper Manager-->"C:\Program Files\Computer-Expert Group\Desktop Wallpaper Manager\unins000.exe"
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Diablo-->C:\WINDOWS\diabunin.exe
Doom Builder 2.0-->"C:\Games\Doom\Doom Builder 2\unins000.exe"
Doom Connector 3.5-->"C:\Games\Doom\Doom Connector\unins000.exe"
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
Dungeon Runners-->C:\Program Files\InstallShield Installation Information\{D39B485D-469E-4E27-BB08-9E871E3454E9}\setup.exe -runfromtemp -l0x0009 -removeonly
Dungeon Siege 2-->"C:\Games\Dungeon Siege 2\UNINSTAL.EXE" /runtemp /uninstall
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab 6.0.2.2 by TEAM AHCU(June 26, 2009)-->"C:\Program Files\DVDFab 6\unins000.exe"
DVD-lab PRO 2.3-->"C:\Program Files\DVDlabPro2\unins000.exe"
Easy Thumbnails (Remove only)-->"C:\Program Files\Easy Thumbnails\unins000.exe"
ePrompter-->C:\Program Files\ePrompter\Uninstall.exe
ESET Smart Security-->MsiExec.exe /I{FBF09842-EB7F-4BC2-BD32-DDE2572B2195}
EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
Fantastic Flame Screensaver-->C:\Program Files\Fantastic Flame Screensaver\uninstall.exe
Flash Renamer 6.04-->"C:\Program Files\Flash Renamer\unins000.exe"
FontExpert 2009-->C:\Program Files\FontExpert\pssetupFontExpert2009v10.exe /u psuninstFontExpert2009v10.inf
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Fraps (remove only)-->"C:\Games\FRAPS\uninstall.exe"
Free Download Manager 3.0 Bittorrent plugin-->"C:\Program Files\Free Download Manager\unins000.exe"
Game Elements GGE910 Wireless PC Control Pad-->C:\PROGRA~1\GAMEEL~1\UNWISE.EXE C:\PROGRA~1\GAMEEL~1\INSTALL.LOG
GraphicsGale version 1.82-->"C:\Program Files\GraphicsGale\unins000.exe"
Hidden Finder 1.4.0-->"C:\Program Files\HiddenFinder\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Common Files\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
HTML Executable IERuntime-->C:\Program Files\Common Files\HTML Executable Viewer\{AF358AB7-0CEF-40B5-A569-D27F8F38232D}\heieunin.exe
HxD Hex Editor version 1.7.7.0-->"C:\Program Files\HxD\unins000.exe"
IcoFX 1.5.01-->"C:\Program Files\IcoFX 1.5\unins000.exe"
ImageSkill Magic Enhancer Lite (remove only)-->"C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\ImageSkill\uninstall.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Jasc Animation Shop 3-->MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Java 2 Runtime Environment, SE v1.4.2_02-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142020}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
jZip-->C:\Program Files\jZip\Uninstall.exe C:\PROGRA~1\jZip\UNWISE.EXE C:\PROGRA~1\jZip\INSTALL.LOG
K-Lite Mega Codec Pack 4.1.4-->"C:\Program Files\K-Lite Codec Pack\unins001.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Lexmark X5100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBAUN5C.EXE -dLexmark X5100 Series
Linksys EasyLink Advisor 1.6 (0044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Logitech GamePanel Software 2.01-->MsiExec.exe /X{02E416E6-736D-48CB-877B-46E5E65057E0}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manage PC Shut Down 1.0-->"C:\Program Files\Manage PC Shut Down\unins000.exe"
Marine Life 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Marine Life 3D Screensaver\unins000.exe"
Matrix Code Emulator 1.50-->"C:\WINDOWS\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Excel Viewer 97-->C:\Program Files\XLView\setup\setup.exe
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Miranda IM 0.7.3-->C:\Program Files\Miranda IM\uninstall.exe
MozBackup 1.4.9-->C:\Program Files\MozBackup\Uninstall.exe
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NameMage-->C:\PROGRA~1\NameMage\UNWISE.EXE C:\PROGRA~1\NameMage\INSTALL.LOG
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
nik Color Efex Pro 2.0 Complete-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\nik Color Efex Pro 2.0 Complete\uninstal.log
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Numerology Calculator-->"C:\Program Files\2Near\Numerology\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA GAME System Software 2.8.1-->MsiExec.exe /I{4F0C7CCF-5666-474B-B02E-AC514A95EC93}
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
OpenGL-->C:\WINDOWS\uninst.exe -f"C:\Program Files\OGLSDK\DeIsL1.isu" -c"C:\Program Files\OGLSDK\_ISREG32.DLL"
Password Keeper-->C:\WINDOWS\SDUnInst.exe c:\program files\software by design\passkeep.uni
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Peggle Nights Deluxe-->"C:\WINDOWS\Peggle Nights Deluxe\uninstall.exe" "/U:C:\Games\Popcap\Peggle Nights Deluxe\Uninstall\uninstall.xml"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
PlugY, The Survival Kit-->"C:\Games\Diablo II\Mod PlugY\PlugY Uninstaller.exe"
PS Tray Factory 2.52-->"C:\Program Files\PS Tray Factory\unins000.exe"
Puzzle Quest-->"C:\WINDOWS\Puzzle Quest\uninstall.exe" "/U:C:\Games\Puzzle Quest\Uninstall\uninstall.xml"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Reaxxion (remove only)-->C:\Games\Popcap\Reaxxion\Uninstall.exe
Retoucher-->"C:\Program Files\AKVIS\Retoucher\Uninstall\Uninstall.exe" "C:\Program Files\AKVIS\Retoucher\Uninstall\install.log" -u
Ricochet Lost Worlds: Recharged-->C:\Games\Ricochet\unins000.exe
Sea Storm 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Sea Storm 3D Screensaver\unins000.exe"
Shareaza 2.5.1.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
Sierra On-Line Games (Remove only)-->C:\SIERRA\SETUP.EXE /U
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SlimDX Redistributable (March 2009)-->MsiExec.exe /X{D5395E5F-4D45-4665-8F00-234FA33678AF}
Smart Link 56K Voice Modem-->C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
SmartFTP Client-->MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Soldat 1.5.0-->"C:\Games\Soldat\unins000.exe"
SolSuite 2008 v8.0-->"C:\Games\Other\SolSuite\unins000.exe"
SolSuite Graphics Pack Volume 1 - v1.14-->"C:\Games\Other\SolSuite\unins001.exe"
SolSuite Graphics Pack Volume 2 - v2.11-->"C:\Games\Other\SolSuite\unins002.exe"
Something Fishy: 3D Desktop Aquarium Screen Saver v1.1DX Full Version-->"C:\Program Files\UselessCreations\DesktopAquarium\uninst.exe"
Space Tunnels 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Space Tunnels 3D Screensaver\unins000.exe"
Star Defender 4-->"C:\Games\Popcap\Star Defender 4\uninstall.exe"
StyleBuilder (remove only)-->"C:\Program Files\TGTSoft\StyleBuilder\StyleBuilder-uninstall.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Super DVD Creator 9.5-->"C:\Program Files\Super_DVD_Creator_9.5\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SWiSHmax-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHmax\uninstal.log
The File Splitter 1.31-->"C:\Program Files\The File Splitter 1.31\unins000.exe"
The Matrix Trilogy 3D Code Screen Saver Donor Version v3.4-->"C:\Program Files\UselessCreations\Matrix3D\uninst.exe"
Trillian-->C:\Program Files\Trillian4\Trillian.exe /uninstall
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Unreal Tournament G.O.T.Y. Edition-->C:\Games\Unreal Tournament\System\Setup.exe uninstall "UnrealTournament"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vector Magic-->"C:\Program Files\Vector Magic\Uninstall.exe"
VideoMach 5.1.1-->C:\Program Files\VideoMach-5.1.1\uninstall.exe
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Warlords Battlecry III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93DA8968-092B-4E6F-B568-AB8471952143}\Setup.exe" -l0x9
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xara Xtreme Pro 4 Trial-->C:\Program Files\Xara\Xara Xtreme Pro 4\unwise.exe
XLink Kai-->MsiExec.exe /X{2773B836-AC66-4178-A414-C5A0F9F5D805}

=====HijackThis Backups=====

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab [2008-05-20]
O4 - HKCU\..\Run: [Alcohol.bin Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.bin /startup [2008-05-20]
O20 - Winlogon Notify: xxYQHwXN - xxYQHwXN.dll (file missing) [2008-07-17]
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe [2009-03-21]
O2 - BHO: (no name) - {F52D3BC4-6295-459B-99D6-BC2D6A0DDE85} - C:\WINDOWS\system32\xxyxWmnn.dll [2009-03-21]
O4 - HKLM\..\Run: [Iyejijefedaweve] rundll32.exe "C:\WINDOWS\Xgewakamodet.dll",e [2009-03-21]
O4 - HKLM\..\Run: [e4947e2d] rundll32.exe "C:\WINDOWS\system32\aaymsnds.dll",b [2009-03-21]
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-03-21]
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Kracov\reader_s.exe [2009-03-21]
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\Kracov\LOCALS~1\Temp\h38sa7a.exe [2009-03-21]
O4 - HKLM\..\Run: [Wwufe] rundll32.exe "C:\WINDOWS\iguficuzuhifu.dll",e [2009-03-21]
O4 - HKCU\..\Run: [] C:\DOCUME~1\Kracov\LOCALS~1\Temp\h38sa7a.exe [2009-03-21]
O20 - AppInit_DLLs: rllswd.dll [2009-05-07]
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (file missing) [2009-06-27]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-06-27]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-06-27]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-27]
O2 - BHO: (no name) - {456F0A11-BAD1-4FB7-8336-3E064940BA30} - (no file) [2009-06-27]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-06-27]
O23 - Service: EITUACService - Unknown owner - C:\Program Files\IT Works\Ez Internet Timer\EITUACService.exe (file missing) [2009-07-12]
O23 - Service: EzEITService - Unknown owner - C:\Program Files\IT Works\Ez Internet Timer\EzEITService.exe (file missing) [2009-07-12]
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.4.0.970\ssd.dll [2009-09-04]
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file) [2009-09-04]
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE [2009-09-04]
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) [2009-09-04]
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE [2009-09-04]
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE" -Update -1103470 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)" -"http://homepage.mac.com/qubedstudios/metroidcubed.htm" [2010-02-08]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2010-02-20]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2010-02-20]
O15 - Trusted Zone: *.easy-share.com [2010-02-20]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2010-02-20]
O15 - Trusted Zone: http://w14.easy-share.com [2010-02-20]

======Hosts File======

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall

======System event log======

Computer Name: KRACOV-1C597D01
Event Code: 8
Message: Printer Lexmark X5100 Series was purged.

Record Number: 60647
Source Name: Print
Time Written: 20091207103804.000000-300
Event Type: warning
User: KRACOV-1C597D01\Kracov

Computer Name: KRACOV-1C597D01
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 60642
Source Name: W32Time
Time Written: 20091206170539.000000-300
Event Type: warning
User:

Computer Name: KRACOV-1C597D01
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001A927D14B6. The IP address being used is 169.254.43.80.

Record Number: 60594
Source Name: Dhcp
Time Written: 20091204131722.000000-300
Event Type: warning
User:

Computer Name: KRACOV-1C597D01
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{131E038D-01FD-416D-B4AF-79445D38C7E0}.

Record Number: 60593
Source Name: Server
Time Written: 20091204131720.000000-300
Event Type: warning
User:

Computer Name: KRACOV-1C597D01
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001A927D14B6. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 60592
Source Name: Dhcp
Time Written: 20091204131713.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: KRACOV-1C597D01
Event Code: 3
Message:
Record Number: 3627
Source Name: Adobe Version Cue CS3
Time Written: 20090329150658.000000-240
Event Type: error
User:

Computer Name: KRACOV-1C597D01
Event Code: 3
Message:
Record Number: 3626
Source Name: Adobe Version Cue CS3
Time Written: 20090329150658.000000-240
Event Type: error
User:

Computer Name: KRACOV-1C597D01
Event Code: 3
Message:
Record Number: 3625
Source Name: Adobe Version Cue CS3
Time Written: 20090329150658.000000-240
Event Type: error
User:

Computer Name: KRACOV-1C597D01
Event Code: 3
Message:
Record Number: 3624
Source Name: Adobe Version Cue CS3
Time Written: 20090329150658.000000-240
Event Type: error
User:

Computer Name: KRACOV-1C597D01
Event Code: 3
Message:
Record Number: 3623
Source Name: Adobe Version Cue CS3
Time Written: 20090329150658.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Java\jre1.6.0_03\bin;C:\Program Files\ImageConverter Plus;
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0b
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kracov at 2010-02-22 18:20:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 110 GB (72%) free of 153 GB
Total RAM: 1534 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:48 PM, on 2/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Blaze Media Pro\NMSAccess32.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\peerblock\peerblock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ClipCache\clipc.exe
C:\Program Files\Trillian4\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kracov\My Documents\RSIT.exe
C:\Program Files\Common Files\Kracov.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://xtoff/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /start
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /start
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\peerblock\peerblock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ClipCache Pro.lnk = C:\Program Files\ClipCache\clipc.exe
O4 - Global Startup: ClipCache Pro.lnk = C:\Program Files\ClipCache\clipc.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\RazaWebHook32.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://themepsp.craveonline.com
O15 - Trusted Zone: http://myaccount.dishmail.net
O15 - Trusted Zone: *.dishmail.net
O15 - Trusted Zone: http://www.dishnetwork.com
O15 - Trusted Zone: http://www.duels.com
O15 - Trusted Zone: http://*.duels.com
O15 - Trusted Zone: http://www.ebay.com
O15 - Trusted Zone: http://www.fmpub.net
O15 - Trusted Zone: http://www.google-analytics.com
O15 - Trusted Zone: http://www.instructables.com
O15 - Trusted Zone: http://www.meebo.com
O15 - Trusted Zone: http://www.quantserve.com
O15 - Trusted Zone: http://www.real.com
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1266859584968
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Professional\nmsaccessu.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

--
End of file - 6975 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2}]
SACert Class - C:\WINDOWS\system32\SoftAheadCert.dll [2008-02-28 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2007-07-30 1689360]
"Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2007-07-30 2094352]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"JMB36X Configure"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-10-30 1953792]
"TrayFactory"=C:\Program Files\PS Tray Factory\PSTrayFactory.EXE [2007-07-03 360960]
"Lexmark X5100 Series"=C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe [2003-03-04 86100]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-29 1657376]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-30 13918208]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TrayFactory"=C:\Program Files\PS Tray Factory\PSTrayFactory.EXE [2007-07-03 360960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"=C:\Program Files\peerblock\peerblock.exe [2009-09-28 1524824]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcohol.exe Autorun]
C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe [2008-05-30 25582]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DBM.exe]
C:\Program Files\Computer-Expert Group\Desktop Wallpaper Manager\DWM.exe [2007-03-01 5269504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy ShutDown]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IECheck]
C:\WINDOWS\IECheck.exe [2005-11-17 108544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
C:\Program Files\PeerGuardian2\pg2.exe [2007-01-29 1432064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler]
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PeerGuardian.lnk]
C:\PROGRA~1\PEERGU~1\pg2.exe [2007-01-29 1432064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2
"Sukoku Service"=2
"ASTSRV"=2
"astcc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
ClipCache Pro.lnk - C:\Program Files\ClipCache\clipc.exe

C:\Documents and Settings\Kracov\Start Menu\Programs\Startup
ClipCache Pro.lnk - C:\Program Files\ClipCache\clipc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EITUACService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EzEITService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EITUACService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EzEITService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=00000000
"NoSMHelp"=01000000
"NoFind"=0
"NoFolderOptions"=0
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Kracov\Local Settings\Temp\nsl9A.tmp\utorrent.exe"="C:\Documents and Settings\Kracov\Local Settings\Temp\nsl9A.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Trillian4\trillian.exe"="C:\Program Files\Trillian4\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Games\Dungeon Siege 2\DungeonSiege2.exe"="C:\Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Games\Quake III Arena\Quake3\quake3.exe"="C:\Games\Quake III Arena\Quake3\quake3.exe:*:Disabled:quake3"
"C:\Program Files\Player Connector\Connector.exe"="C:\Program Files\Player Connector\Connector.exe:*:Enabled:Player Connector Client"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Games\Alien Arena 2007\crx.exe"="C:\Games\Alien Arena 2007\crx.exe:*:Enabled:crx"
"C:\WINDOWS\Dream Aquarium.scr"="C:\WINDOWS\Dream Aquarium.scr:*:Disabled:Dream Aquarium"
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe:*:Disabled:AnyDVD"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Games\Soldat\Soldat.exe"="C:\Games\Soldat\Soldat.exe:*:Disabled:Soldat"
"C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe"="C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe:*:Enabled:EHttpSrv"
"C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe:*:Enabled:Display user interface"
"C:\Program Files\FontLab\Studio5\Studio5.exe"="C:\Program Files\FontLab\Studio5\Studio5.exe:*:Disabled:Studio 5"
"C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\TwistingPixels\TwistingPixels.exe"="C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\PlugIns\TwistingPixels\TwistingPixels.exe:*:Disabled:TwistingPixels"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\Program Files\Fantastic Flame Screensaver\Fantastic Flame Screensaver.exe"="C:\Program Files\Fantastic Flame Screensaver\Fantastic Flame Screensaver.exe:*:Disabled:Fantastic Flame Screensaver"
"C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe"="C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe:*:Disabled:FantasticFlameAgent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\OFFSystem\offsystem.exe"="C:\Program Files\OFFSystem\offsystem.exe:*:Enabled:offsystem"
"C:\Games\Doom\vavoom.exe"="C:\Games\Doom\vavoom.exe:*:Enabled:vavoom"
"C:\Program Files\Corel\CorelDRAW Graphics Suite X4\Programs\CorelDRW.exe"="C:\Program Files\Corel\CorelDRAW Graphics Suite X4\Programs\CorelDRW.exe:*:Disabled:CorelDRW"
"C:\Games\Doom\zlauncher.exe"="C:\Games\Doom\zlauncher.exe:*:Enabled:ZDaemon Browser"
"C:\Games\Doom\zdaemon.exe"="C:\Games\Doom\zdaemon.exe:*:Enabled:zdaemon"
"C:\Games\Doom\zsl\zsllite.exe"="C:\Games\Doom\zsl\zsllite.exe:*:Enabled:ZDaemon Server Launcher"
"C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe"="C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe:*:Disabled:Adobe Photoshop CS3"
"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"="C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe:*:Disabled:FNPLicensingService"
"C:\Documents and Settings\Kracov\My Documents\utorrent-1.6.exe"="C:\Documents and Settings\Kracov\My Documents\utorrent-1.6.exe:*:Enabled:µTorrent"
"C:\Program Files\utorrent\utorrent-1.6.exe"="C:\Program Files\utorrent\utorrent-1.6.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Alcohol Soft\Alcohol 120\alcohol_.exe"="C:\Program Files\Alcohol Soft\Alcohol 120\alcohol_.exe:*:Disabled:Alcohol 120%"
"C:\Program Files\DVDFab Platinum 4\DVDFabPlatinum.exe"="C:\Program Files\DVDFab Platinum 4\DVDFabPlatinum.exe:*:Disabled:DVDFab Platinum"
"C:\Program Files\DVDFab 5\DVDFab.exe"="C:\Program Files\DVDFab 5\DVDFab.exe:*:Disabled:DVDFab 5"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\utorrent\uTorrent.exe"="C:\Program Files\utorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-22 18:20:44 ----A---- C:\Program Files\Common Files\Kracov.exe
2010-02-22 18:20:43 ----D---- C:\rsit
2010-02-22 18:20:14 ----A---- C:\Program Files\HijackThis.exe
2010-02-22 14:35:27 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-22 14:34:16 ----D---- C:\WINDOWS\Prefetch
2010-02-22 14:30:59 ----A---- C:\WINDOWS\setuplog.txt
2010-02-22 14:30:21 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2010-02-22 14:30:21 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2010-02-22 14:30:21 ----N---- C:\WINDOWS\system32\ati3duag.dll
2010-02-22 14:30:21 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2010-02-22 14:30:21 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2010-02-22 14:30:21 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2010-02-22 14:30:21 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2010-02-22 14:30:21 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\credssp.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-02-22 14:30:20 ----N---- C:\WINDOWS\system32\azroles.dll
2010-02-22 14:30:19 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-02-22 14:30:19 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-02-22 14:30:19 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-02-22 14:30:19 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-02-22 14:30:19 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-02-22 14:30:18 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-02-22 14:30:18 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-02-22 14:30:18 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-02-22 14:30:18 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-02-22 14:30:18 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-02-22 14:30:18 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-02-22 14:30:18 ----N---- C:\WINDOWS\system32\ieencode.dll
2010-02-22 14:30:18 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2010-02-22 14:30:17 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-02-22 14:30:17 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-02-22 14:30:17 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2010-02-22 14:30:17 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-02-22 14:30:17 ----N---- C:\WINDOWS\system32\mssha.dll
2010-02-22 14:30:17 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-02-22 14:30:17 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-02-22 14:30:17 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-02-22 14:30:17 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-02-22 14:30:17 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2010-02-22 14:30:16 ----N---- C:\WINDOWS\system32\setupn.exe
2010-02-22 14:30:16 ----N---- C:\WINDOWS\system32\s3gnb.dll
2010-02-22 14:30:16 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-02-22 14:30:16 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-02-22 14:30:16 ----N---- C:\WINDOWS\system32\qutil.dll
2010-02-22 14:30:16 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-02-22 14:30:16 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-02-22 14:30:16 ----N---- C:\WINDOWS\system32\qagent.dll
2010-02-22 14:30:16 ----N---- C:\WINDOWS\system32\onex.dll
2010-02-22 14:30:16 ----N---- C:\WINDOWS\system32\napstat.exe
2010-02-22 14:30:15 ----N---- C:\WINDOWS\system32\slrundll.exe
2010-02-22 14:30:14 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-02-22 14:30:14 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-02-22 14:30:14 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-02-22 14:30:11 ----D---- C:\WINDOWS\system32\scripting
2010-02-22 14:30:11 ----D---- C:\WINDOWS\l2schemas
2010-02-22 14:30:10 ----D---- C:\WINDOWS\system32\en
2010-02-22 14:30:10 ----D---- C:\WINDOWS\system32\bits
2010-02-22 14:27:18 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-22 14:25:34 ----D---- C:\WINDOWS\network diagnostic
2010-02-22 14:24:28 ----A---- C:\WINDOWS\002841_.tmp
2010-02-22 14:23:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-22 14:23:20 ----D---- C:\WINDOWS\EHome
2010-02-21 12:22:15 ----D---- C:\WINDOWS\WBEM
2010-02-21 12:21:50 ----HDC---- C:\WINDOWS\ie8
2010-02-21 12:21:22 ----A---- C:\WINDOWS\imsins.BAK
2010-02-21 12:21:16 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-02-20 17:51:21 ----A---- C:\Program Files\Common Files\HijackThis.exe

======List of files/folders modified in the last 1 months======

2010-02-22 18:20:48 ----D---- C:\Program Files\Common Files
2010-02-22 18:20:47 ----D---- C:\Program Files\peerblock
2010-02-22 18:20:44 ----D---- C:\WINDOWS\Temp
2010-02-22 18:20:14 ----RD---- C:\Program Files
2010-02-22 16:59:23 ----D---- C:\Documents and Settings\Kracov\Application Data\Free Download Manager
2010-02-22 15:33:03 ----A---- C:\Documents and Settings\Kracov\Application Data\burnaware.ini
2010-02-22 15:05:07 ----A---- C:\WINDOWS\clipc.INI
2010-02-22 15:04:09 ----D---- C:\WINDOWS\system32
2010-02-22 15:03:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-22 15:03:09 ----A---- C:\WINDOWS\system32\uxtheme.dll
2010-02-22 15:02:44 ----D---- C:\Program Files\Trillian4
2010-02-22 14:38:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-22 14:35:27 ----AD---- C:\WINDOWS
2010-02-22 14:35:13 ----D---- C:\WINDOWS\Debug
2010-02-22 14:34:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-22 14:33:47 ----RSD---- C:\WINDOWS\Fonts
2010-02-22 14:33:47 ----D---- C:\WINDOWS\system32\wbem
2010-02-22 14:33:47 ----D---- C:\WINDOWS\system32\Setup
2010-02-22 14:33:47 ----D---- C:\WINDOWS\AppPatch
2010-02-22 14:33:45 ----D---- C:\WINDOWS\system32\drivers
2010-02-22 14:32:29 ----D---- C:\WINDOWS\security
2010-02-22 14:32:26 ----HD---- C:\WINDOWS\inf
2010-02-22 14:32:16 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-22 14:30:38 ----D---- C:\WINDOWS\WinSxS
2010-02-22 14:30:36 ----D---- C:\Program Files\Messenger
2010-02-22 14:30:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-22 14:30:32 ----D---- C:\Program Files\Windows Media Player
2010-02-22 14:30:30 ----D---- C:\WINDOWS\Help
2010-02-22 14:30:22 ----D---- C:\WINDOWS\ime
2010-02-22 14:30:12 ----D---- C:\WINDOWS\system32\usmt
2010-02-22 14:30:12 ----D---- C:\WINDOWS\system32\en-US
2010-02-22 14:30:11 ----SHD---- C:\WINDOWS\Installer
2010-02-22 14:30:11 ----D---- C:\Program Files\Internet Explorer
2010-02-22 14:30:10 ----D---- C:\WINDOWS\PeerNet
2010-02-22 14:30:10 ----D---- C:\Program Files\Movie Maker
2010-02-22 14:27:11 ----D---- C:\WINDOWS\system32\Restore
2010-02-22 14:27:11 ----D---- C:\WINDOWS\system32\npp
2010-02-22 14:27:10 ----D---- C:\WINDOWS\msagent
2010-02-22 14:27:09 ----D---- C:\WINDOWS\srchasst
2010-02-22 14:27:08 ----D---- C:\Program Files\NetMeeting
2010-02-22 14:27:07 ----D---- C:\WINDOWS\system32\Com
2010-02-22 14:27:04 ----D---- C:\Program Files\Windows NT
2010-02-22 14:27:04 ----D---- C:\Program Files\Outlook Express
2010-02-22 14:27:02 ----D---- C:\Program Files\Common Files\System
2010-02-22 14:26:47 ----D---- C:\WINDOWS\system32\oobe
2010-02-22 14:26:43 ----D---- C:\WINDOWS\system
2010-02-22 12:26:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-22 04:06:47 ----A---- C:\WINDOWS\ModemLog_Smart Link 56K Voice Modem.txt
2010-02-21 12:22:09 ----RD---- C:\WINDOWS\Offline Web Pages
2010-02-21 12:22:09 ----D---- C:\WINDOWS\Media
2010-02-21 12:21:10 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-20 15:16:10 ----D---- C:\Program Files\Common Files\backups
2010-02-20 14:18:08 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2010-02-18 17:25:14 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-16 17:06:33 ----A---- C:\WINDOWS\win.ini
2010-02-14 21:47:19 ----D---- C:\Documents and Settings\Kracov\Application Data\uTorrent
2010-02-12 20:08:46 ----SHD---- C:\Config.Msi
2010-02-12 20:08:43 ----D---- C:\WINDOWS\system32\DirectX
2010-02-08 02:29:53 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-08 02:25:43 ----D---- C:\WINDOWS\Cache
2010-02-05 22:09:40 ----D---- C:\Program Files\AllWebMenus5
2010-01-31 00:46:42 ----D---- C:\Documents and Settings\Kracov\Application Data\vlc
2010-01-23 03:47:06 ----D---- C:\Program Files\Mozilla Firefox
2010-01-23 03:25:15 ----SH---- C:\boot.ini
2010-01-23 03:25:15 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2008-02-20 33408]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-09-26 25768]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 UdfReadr;UdfReadr; C:\WINDOWS\system32\drivers\UdfReadr.sys [2002-02-22 206208]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-12-08 104512]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys [2005-05-10 237616]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-30 7768864]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 pbfilter;pbfilter; \??\C:\Program Files\peerblock\pbfilter.sys []
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\SLDRV\slntamr.sys [2005-05-10 698848]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys [2005-05-10 13248]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys []
S2 npkcrypt;npkcrypt; \??\C:\Games\MapleStory\npkcrypt.sys []
S3 abnyherh;abnyherh; C:\WINDOWS\system32\drivers\abnyherh.sys []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2007-10-02 94208]
S3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\system32\DRIVERS\IPFilter.sys [2002-04-11 11136]
S3 KProcWatch;KProcWatch; \??\C:\WINDOWS\system32\drivers\KProcWatch.sys []
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys [2005-05-10 1464848]
S3 NC100;Network Everywhere Fast Ethernet Adapter(NC100 v2); C:\WINDOWS\system32\DRIVERS\NC100A.sys [2001-02-23 35013]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2008-06-06 42512]
S3 npkcusb;npkcusb; \??\C:\Games\MapleStory\npkcusb.sys []
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-12-21 47360]
S3 pspdisp;pspdisp; C:\WINDOWS\system32\DRIVERS\pspdisp.sys [2008-09-12 3328]
S3 PsSdk41;PsSdk41; \??\C:\WINDOWS\system32\Drivers\pssdk41.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SetupSys;Conexant Setup API; C:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 8811]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys [2005-05-10 101328]
S3 XPAD910;XPADFilter Service 910; C:\WINDOWS\system32\DRIVERS\xpad910.sys [2006-02-07 29405]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-28 303104]
R2 NMSAccess;NMSAccess; C:\Program Files\Blaze Media Pro\NMSAccess32.exe [2009-01-12 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-30 168004]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slmdmsr.exe [2005-05-10 61440]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 NMSAccessU;NMSAccessU; C:\Program Files\BurnAware Professional\nmsaccessu.exe [2008-05-03 71096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-21 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 ASTCC;AST Service; C:\WINDOWS\system32\astsrv.exe [2008-05-19 57344]
S4 ASTSRV;Nalpeiron Licensing Service; C:\WINDOWS\system32\ASTSRV.EXE [2008-05-19 57344]
S4 EITUACService;EITUACService; C:\Program Files\IT Works\Ez Internet Timer\EITUACService.exe EzInternetTimer_Service []
S4 EzEITService;EzEITService; C:\Program Files\IT Works\Ez Internet Timer\EzEITService.exe EzInternetTimer_Service []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe []
S4 Sukoku Service;Sukoku Service; C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku114.exe C:\Program Files\Sukoku\sukoku.dll Service []

-----------------EOF-----------------
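The driver and service sections of the RSIT log above are what a helper reads by eye. As an added triage example (not part of any post in this thread and not RSIT's own code), the Python below parses lines in that format and attaches flags a reviewer would want to check on disk: an entry whose file RSIT could not stat, an entry registered from a user-writable data directory, and an eight-letter lowercase name with no display name and no file behind it. The sample lines are copied from the log; the flags are heuristics for a human to verify, not verdicts.

```python
"""Triage the driver/service sections of an RSIT (Random's System
Information Tool) log.

Added example for this thread, not RSIT's code.  It parses lines of the form

    R3 name;display name; C:\\path\\image.sys [2008-04-14 144384]

where R/S is running/stopped, the digit is the start type and the bracket
holds the file date and size RSIT read from disk (empty when it read none).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Start types as RSIT prints them in the section header.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<image>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Lines copied from the RSIT log posted above (drivers and services mixed).
SAMPLE_LOG = r"""
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 pbfilter;pbfilter; \??\C:\Program Files\peerblock\pbfilter.sys []
S1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys []
S2 npkcrypt;npkcrypt; \??\C:\Games\MapleStory\npkcrypt.sys []
S3 abnyherh;abnyherh; C:\WINDOWS\system32\drivers\abnyherh.sys []
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe []
S4 Sukoku Service;Sukoku Service; C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku114.exe C:\Program Files\Sukoku\sukoku.dll Service []
"""


@dataclass
class Entry:
    name: str
    display: str
    image: str
    running: bool
    start_type: str
    file_date: Optional[str]
    file_size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one driver/service line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m["meta"].split()
    return Entry(
        name=m["name"],
        display=m["display"],
        image=m["image"],
        running=m["state"] == "R",
        start_type=START_TYPES[m["start"]],
        file_date=meta[0] if meta else None,
        file_size=int(meta[1]) if len(meta) == 2 else None,
    )


def flag(entry: Entry) -> Entry:
    """Attach triage flags (heuristics that pick entries for a human to verify)."""
    image = entry.image.lower()
    if image.startswith("\\??\\"):
        # NT object-manager path: RSIT does not resolve it, hence no date/size.
        entry.flags.append("unresolved_nt_path")
    elif entry.file_date is None:
        # Plain path but RSIT read nothing: the file is gone or the path carries
        # arguments.  Either way the registry entry points at nothing it could stat.
        entry.flags.append("image_missing")
    if "\\documents and settings\\" in image or "\\application data\\" in image:
        # Code registered to run from a user-writable data directory.
        entry.flags.append("user_writable_path")
    if (
        "image_missing" in entry.flags
        and entry.display == entry.name
        and re.fullmatch(r"[a-z]{8}", entry.name)
    ):
        # Eight lowercase letters, no display name, no file on disk: the shape
        # of a driver that a tool loaded under a generated name and left behind.
        entry.flags.append("random_looking_name")
    return entry


def triage(log_text: str) -> List[Entry]:
    entries = [parse_line(line) for line in log_text.splitlines()]
    return [flag(e) for e in entries if e is not None]


def flags_by_name(log_text: str) -> Dict[str, List[str]]:
    return {e.name: e.flags for e in triage(log_text)}


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        state = "running" if e.running else "stopped"
        print(f"{e.name:16} {state:8} {e.start_type:9} {e.flags or 'ok'}")
```

Run on the sample, `abnyherh` is the only entry that collects both `image_missing` and `random_looking_name`, and `Sukoku Service` is the only one running from `Application Data`; the `\??\` entries are not missing files, they are paths RSIT simply did not resolve, which is why they get a separate flag.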


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 23 February 2010 - 11:18 AM

Hi,

It is fine to run Gmer; we wouldn't ask you to do it if it wasn't, and it's important to get a rootkit scan, so please
run it and post the log in your next reply.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.


We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the icon on your desktop.
  • Paste the following code under the area. Do not include the word "Code".
    CODE
    :Services
    Sukoku Service
    :Reg
    [HKCU\Software\Microsoft\Internet Connection Wizard]
    "ShellNext"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy ShutDown]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"=-
    "Sukoku Service"=-
    :Commands
    [Purity]
    [EmptyTemp]
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Then please post back here with the following logs:
  • OTM results
  • Gmer log
  • New Rsit log.txt

Thanks

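The OTM script in the post above is terse, and the post does not spell out what each line does. As an added example (not OTM's code and not posted by anyone in this thread), the Python below reads a script in that syntax and produces a dry-run plan: `:Services` names services to stop and delete, `:Reg` follows regedit syntax where `[KEY]` selects a key, `[-KEY]` deletes it and `"Name"=-` deletes a value under the current key, and `:Commands` lists housekeeping steps such as `[Purity]` and `[EmptyTemp]`. The embedded script is a shortened copy of the one in the post (one entry of each kind kept); the step names are this example's own labels.

```python
"""Dry-run planner for an OTM (OldTimer's OTMoveIt) fix script.

Added example for this thread, not OTM's own code.  It turns the script
text into (action, target) steps so the reader can see what a script will
touch before running the real tool against the registry.
"""
import re
from typing import List, Tuple

Step = Tuple[str, str]

# Short hive names OTM accepts in a :Reg section, expanded to the full form.
HIVES = {
    "HKCU": "HKEY_CURRENT_USER",
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCR": "HKEY_CLASSES_ROOT",
    "HKU": "HKEY_USERS",
}

# Shortened copy of the script from the post above (one entry of each kind).
FIX_SCRIPT = r"""
:Services
Sukoku Service
:Reg
[HKCU\Software\Microsoft\Internet Connection Wizard]
"ShellNext"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=-
"Sukoku Service"=-
:Commands
[Purity]
[EmptyTemp]
"""

VALUE_RE = re.compile(r'"(?P<name>[^"]*)"=(?P<data>.*)')


def expand_hive(key: str) -> str:
    """Rewrite a leading short hive name (HKCU, HKLM, ...) to its full form."""
    hive, _, rest = key.partition("\\")
    full = HIVES.get(hive.upper(), hive)
    return full + ("\\" + rest if rest else "")


def plan(script: str) -> List[Step]:
    """Translate an OTM script into an ordered list of (action, target) steps."""
    steps: List[Step] = []
    section = None
    current_key = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            # Section header such as :Services, :Reg or :Commands.
            section = line[1:].lower()
            current_key = None
            continue
        if section == "services":
            steps.append(("stop_and_delete_service", line))
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                steps.append(("delete_key", expand_hive(line[2:-1])))
            elif line.startswith("[") and line.endswith("]"):
                current_key = expand_hive(line[1:-1])
            else:
                m = VALUE_RE.fullmatch(line)
                if m is None or current_key is None:
                    raise ValueError(f"malformed :Reg line: {line!r}")
                target = f"{current_key}\\{m['name']}"
                if m["data"] == "-":
                    steps.append(("delete_value", target))
                else:
                    steps.append(("set_value", f"{target}={m['data']}"))
        elif section == "commands":
            steps.append(("command", line.strip("[]").lower()))
        else:
            raise ValueError(f"line outside any section: {line!r}")
    return steps


if __name__ == "__main__":
    for action, target in plan(FIX_SCRIPT):
        print(f"{action:24} {target}")
```

The planner refuses a `"Name"=-` line that appears before any `[KEY]` line, because the value would have no key to be deleted from; that is the kind of copy/paste slip that is worth catching before a tool with delete semantics runs. It does not replace the ERUNT backup taken in the step before: the plan tells you what will be removed, the backup is what lets you put it back.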


#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 27 February 2010 - 07:15 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





