Browsers hijacked, comp freezes


  • This topic is locked
9 replies to this topic

#1 Bhruic (Members, 5 posts)

Posted 14 August 2010 - 05:42 PM

Internet Explorer opens 4 extra windows upon being started:
hxxp://infomoneyservice.com/1/blank.php
hxxp://infomoneyservice.com/2/blank.php
hxxp://infomoneyservice.com/3/blank.php
hxxp://infomoneyservice.com/4/blank.php

Google search redirect. From the main Google search page, a list of results that looks legitimate takes the browser to various pages: either false antivirus products, shopping, or a broken ad site. Occurs about as often as I get real links.

Firefox has been slowed to a grinding halt and is unusable while taking up 25% of CPU (quadcore).

And my computer freezes at times, becoming unresponsive to all commands and the mouse while repeatedly replaying any sound effect that took place at the time of the freeze. Happens primarily during more CPU intensive operations such as computer games, malware scanning, or watching video feeds and forces me to reboot.

I've tried to resolve the problems with Kaspersky's Virus Removal Tool, TDSSKiller, ZbotKiller, CCleaner, Malwarebytes Anti-Malware, SUPERAntiSpyware, Ad-Aware, and lastly Spybot (which freezes my computer at some point during the scan).

Assistance would be very much appreciated.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 13:22:45,39 on 14.08.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.352.1033.18.3582.3039 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\steam\steam.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {3A2641BA-64CA-4D13-B7F7-798C0F9E37FD} = 192.168.0.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\qwhsqgz3.default\
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-1-2 10384]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2009-10-19 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\gamez\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2009-11-22 47624]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-14 11:15:14 176 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-08-13 22:40:29 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-13 22:40:29 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-13 22:40:28 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-13 22:40:28 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-13 22:40:28 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-13 22:40:27 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-13 22:40:27 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-13 22:40:27 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-13 22:40:26 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-08-13 22:40:26 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-08-13 22:40:26 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-08-13 22:40:26 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-08-12 13:31:22 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-08-11 21:06:47 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-11 21:06:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-11 19:03:24 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-08-11 19:03:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 19:03:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-11 19:03:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-11 19:03:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-11 17:51:08 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-11 16:16:03 0 d-----w- c:\program files\CCleaner
2010-08-11 13:27:51 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-03 09:11:11 8463360 ------w- c:\windows\system32\dllcache\shell32.dll
2010-08-02 17:59:04 1557 ----a-w- c:\documents and settings\owner\.recently-used.xbel
2010-07-29 03:47:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-07-29 03:40:04 0 d-----w- C:\gyargh
2010-07-24 21:32:19 0 d-----w- c:\docume~1\alluse~1\applic~1\LAG
2010-07-24 21:32:04 0 d-----w- c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP

==================== Find3M ====================

2010-07-06 01:06:12 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-05 23:27:28 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-30 12:23:55 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-25 13:48:11 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-25 13:48:10 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-06-24 02:14:38 1861120 ----a-w- c:\windows\system32\win32k.sys
2010-06-24 02:14:38 1861120 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 11:30:00 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 14:18:51 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 14:18:51 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:39:55 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:39:55 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-04-25 18:31:29 17867 ----a-w- c:\program files\unins000.dat
2010-04-25 18:31:22 704282 ----a-w- c:\program files\unins000.exe
2009-11-21 15:38:20 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-11-21 15:38:20 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-11-21 15:38:20 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-11-21 15:38:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 13:23:02,46 ===============
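The DDS "Pseudo HJT Report" above is the kind of log a helper reads line by line. As an added example (not part of this thread, and not DDS, HijackThis or RSIT code), the script below applies four first-pass checks a responder makes on such a report: whether Windows File Protection has been switched off (the `SfcDisable` Winlogon value, which can be a deliberate nLite tweak or something malware did; the log alone does not say which), autorun entries that name their executable without a path, per-adapter `NameServer` values outside RFC 1918 space or loopback, and registered hooks whose file is missing. The sample input is a handful of lines copied from the report above plus one constructed `TCP:` line (the adapter GUID and the documentation address 203.0.113.5 are made up) to exercise the DNS check; the check names and heuristics are my own, not output of any tool.

```python
"""First-pass triage of a DDS "Pseudo HJT Report".

Added example for this thread; it is not DDS, HijackThis or RSIT code and the
check names below are the author's own labels.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (check name, offending log line)

# DDS prefixes: uRun = HKCU, mRun = HKLM, dRun/dRunOnce = default and service accounts
RUN_RE = re.compile(r"^[umd]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "TCP: {adapter GUID} = server[,server]" is the per-adapter NameServer value
TCP_RE = re.compile(r"^TCP:\s*\{[0-9A-Fa-f-]+\}\s*=\s*(?P<servers>.+)$")
SFC_RE = re.compile(r"^mWinlogon:\s*SfcDisable=(?P<val>-?\d+)")

# Addresses a home/office adapter normally points at: RFC 1918 space or localhost.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample: lines copied from the report posted above, plus one made-up
# TCP line (fake adapter GUID, documentation address 203.0.113.5) for the DNS check.
SAMPLE_REPORT = r"""
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Java(TM) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
TCP: {3A2641BA-64CA-4D13-B7F7-798C0F9E37FD} = 192.168.0.254
TCP: {00000000-0000-0000-0000-000000000001} = 203.0.113.5,192.168.0.254
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
"""


def executable_of(cmd: str) -> str:
    """Program part of a Run-key command: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_lan_address(text: str) -> bool:
    """True when the resolver address is RFC 1918 or loopback."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return False
    return any(ip in net for net in LAN_NETS)


def triage(report: str) -> List[Finding]:
    """Run the four checks over every line; returns (check, line) pairs in order."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SFC_RE.match(line)
        if m and int(m.group("val")) != 0:
            # Windows File Protection off: replaced system files go unnoticed.
            findings.append(("wfp-disabled", line))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            # No drive letter, backslash or %var%: the loader resolves the name by
            # search order, so a same-named file earlier in the path would win.
            if exe and not re.search(r"[\\:%]", exe):
                findings.append(("bare-name-autorun", line))
            continue
        m = TCP_RE.match(line)
        if m:
            if not all(is_lan_address(s) for s in m.group("servers").split(",")):
                findings.append(("non-lan-dns", line))
            continue
        if line.endswith("- No File"):
            # Registered hook/BHO/SEH whose file is gone: leftover or a cleaned file.
            findings.append(("orphaned-entry", line))
    return findings


def summary(report: str) -> Dict[str, int]:
    """Count findings per check, for a quick overview."""
    return dict(Counter(check for check, _ in triage(report)))


if __name__ == "__main__":
    for check, line in triage(SAMPLE_REPORT):
        print(f"{check:18} {line}")
    print(summary(SAMPLE_REPORT))
```

Run stand-alone it prints each finding with its check name. Expect it to be noisy by design: RUNDLL32.EXE and vendor tray applets such as RTHDCPL.EXE are routinely registered by bare name and are usually benign; the check exists to make you resolve where the file actually lives (for example with `where RTHDCPL.EXE` from a command prompt) instead of trusting the name. A gateway address such as 192.168.0.254 passes the DNS check, which only tells you that a redirect is not coming from the adapter's own NameServer setting; the router's upstream resolvers still have to be looked at separately.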


#2 suebaby41, W.A.M. (Women Against Malware) (Malware Response Team, 6,248 posts; Location: South Carolina, USA)

Posted 21 August 2010 - 01:56 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 Bhruic, Topic Starter (Members, 5 posts)

Posted 21 August 2010 - 02:12 PM

Logfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2010-08-21 21:09:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (6%) free of 477 GB
Total RAM: 3582 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:09:15, on 21.08.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Gamez\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6368 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{CF788FA9-2BD5-4460-97CE-B613F3601831}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-13 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-13 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-20 45632]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-16 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-16 86016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2010-05-07 1238352]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-11-26 289584]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Logitech . Product Registration.lnk - C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-24 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDesktopCleanupWizard"=1
"NoSharedDocuments"=1
"MaxRecentDocs"=18
"NoSMConfigurePrograms"=1
"NoRecentDocsNetHood"=1
"MemCheckBoxInRunDlg"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Gamez\Dragon Age\bin_ship\daorigins.exe"="C:\Gamez\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Gamez\Dragon Age\DAOriginsLauncher.exe"="C:\Gamez\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Gamez\League of Legends\Riot Games\League of Legends\air\LolClient.exe"="C:\Gamez\League of Legends\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Gamez\League of Legends\Riot Games\League of Legends\game\League of Legends.exe"="C:\Gamez\League of Legends\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Gamez\Red Faction Guerrilla\rfg.exe"="C:\Gamez\Red Faction Guerrilla\rfg.exe:*:Enabled:Red Faction: Guerrilla"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe"="C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe:*:Enabled:The Secret of Monkey Island: Special Edition"
"C:\Gamez\Mass Effect\Binaries\MassEffect.exe"="C:\Gamez\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Gamez\Mass Effect\MassEffectLauncher.exe"="C:\Gamez\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Gamez\Mass Effect 2\Binaries\MassEffect2.exe"="C:\Gamez\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game"
"C:\Gamez\Mass Effect 2\MassEffect2Launcher.exe"="C:\Gamez\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Gamez\BFBC2\BFBC2BetaUpdater.exe"="C:\Gamez\BFBC2\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA"
"C:\Gamez\BioShock 2\SP\Builds\Binaries\Bioshock2.exe"="C:\Gamez\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2"
"C:\Gamez\BioShock 2\MP\Builds\Binaries\Bioshock2.exe"="C:\Gamez\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer"
"C:\Program Files\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe"="C:\Program Files\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe:*:Enabled:Shattered Horizon"
"C:\Program Files\Steam\steamapps\common\company of heroes\help.htm"="C:\Program Files\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Steam\steamapps\common\men of war\outfront_mp.exe"="C:\Program Files\Steam\steamapps\common\men of war\outfront_mp.exe:*:Enabled:Main executable"
"C:\Program Files\Steam\steamapps\common\men of war\mow.exe"="C:\Program Files\Steam\steamapps\common\men of war\mow.exe:*:Enabled:Men of War"
"C:\Program Files\Steam\steamapps\common\men of war\mow_editor.exe"="C:\Program Files\Steam\steamapps\common\men of war\mow_editor.exe:*:Enabled:Men of War"
"C:\Program Files\Steam\steamapps\preacherboy89\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\preacherboy89\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe"="C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2"
"C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Battlefield: Bad Company 2"
"C:\Program Files\Steam\steamapps\economist89\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\economist89\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Gamez\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Gamez\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"C:\Gamez\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\Gamez\Ubisoft\Assassin's Creed II\server.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\server.exe:*:Enabled:server"
"C:\Program Files\Steam\steamapps\common\mountblade warband\mb_warband.exe"="C:\Program Files\Steam\steamapps\common\mountblade warband\mb_warband.exe:*:Enabled:Mount and Blade: Warband"
"C:\Gamez\Company of Heroes Online\CoHOSeeder.exe"="C:\Gamez\Company of Heroes Online\CoHOSeeder.exe:*:Enabled:Company of Heroes Online Seeder (THQ)"
"C:\Gamez\Company of Heroes Online\Game\RelicCoHOWW.exe"="C:\Gamez\Company of Heroes Online\Game\RelicCoHOWW.exe:*:Enabled:Company of Heroes Online (THQ)"
"C:\Gamez\StarCraft II\StarCraft II.exe"="C:\Gamez\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"C:\Gamez\StarCraft II\Versions\Base15405\SC2.exe"="C:\Gamez\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
"C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II"
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm"
"C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe"="C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes: Opposing Fronts"
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-21 21:09:04 ----D---- C:\Program Files\trend micro
2010-08-21 21:09:03 ----D---- C:\rsit
2010-08-14 00:40:29 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-08-14 00:40:29 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-08-14 00:40:28 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-08-14 00:40:28 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-08-14 00:40:28 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-08-14 00:40:27 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-08-14 00:40:27 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-08-14 00:40:27 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-08-12 15:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-12 15:37:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-12 15:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-12 15:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-12 15:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-12 15:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-12 15:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-11 23:06:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-11 23:06:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-11 21:03:24 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2010-08-11 21:03:19 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-11 21:03:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-11 21:03:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-11 21:03:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-11 19:51:08 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-11 18:19:11 ----A---- C:\TDSSKiller.2.4.1.1_11.08.2010_18.19.11_log.txt
2010-08-11 18:16:03 ----D---- C:\Program Files\CCleaner
2010-08-11 17:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-08-11 17:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-11 15:27:51 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
2010-08-11 15:18:36 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-07-29 05:47:03 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2010-07-29 05:40:04 ----D---- C:\gyargh
2010-07-29 05:33:46 ----D---- C:\Program Files\Microsoft.NET
2010-07-24 23:32:19 ----D---- C:\Documents and Settings\All Users\Application Data\LAG
2010-07-24 23:32:04 ----D---- C:\WINDOWS\11AE680750D24F5982B32C3E695E94C2.TMP
2010-07-22 13:50:48 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft

======List of files/folders modified in the last 1 months======

2010-08-21 21:09:04 ----RD---- C:\Program Files
2010-08-21 21:08:53 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2010-08-21 21:08:28 ----D---- C:\WINDOWS\Prefetch
2010-08-21 14:14:58 ----D---- C:\WINDOWS\Temp
2010-08-21 14:14:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-21 14:11:08 ----D---- C:\Program Files\Steam
2010-08-21 14:11:05 ----D---- C:\WINDOWS\system32\drivers
2010-08-19 20:34:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-17 16:38:12 ----D---- C:\WINDOWS\Minidump
2010-08-17 16:38:12 ----D---- C:\WINDOWS
2010-08-17 07:44:25 ----D---- C:\Program Files\Mozilla Firefox
2010-08-15 14:52:14 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-15 13:24:01 ----D---- C:\WINDOWS\AppPatch
2010-08-15 13:14:01 ----SHD---- C:\WINDOWS\Installer
2010-08-14 18:36:47 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-14 00:40:45 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-14 00:40:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-14 00:40:29 ----D---- C:\WINDOWS\system32
2010-08-14 00:40:28 ----HD---- C:\WINDOWS\inf
2010-08-14 00:40:06 ----RSD---- C:\WINDOWS\assembly
2010-08-14 00:39:37 ----D---- C:\WINDOWS\system32\DirectX
2010-08-13 02:17:04 ----SHD---- C:\System Volume Information
2010-08-13 01:28:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-13 01:28:19 ----SD---- C:\WINDOWS\Tasks
2010-08-12 15:37:13 ----D---- C:\WINDOWS\system32\dllcache
2010-08-12 15:37:11 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-12 15:36:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-12 15:35:54 ----D---- C:\WINDOWS\WinSxS
2010-08-12 15:33:51 ----D---- C:\Program Files\Internet Explorer
2010-08-11 22:51:24 ----D---- C:\WINDOWS\Sun
2010-08-11 18:19:48 ----D---- C:\WINDOWS\Debug
2010-08-10 14:51:55 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2010-08-07 16:35:18 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-08-03 11:09:32 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-02 19:59:05 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2010-08-01 11:15:42 ----D---- C:\Movies
2010-07-29 06:07:18 ----D---- C:\Gamez
2010-07-29 05:33:55 ----D---- C:\WINDOWS\system32\en-US
2010-07-27 08:28:54 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-22 13:50:48 ----D---- C:\Documents and Settings\Owner\Application Data\Ubisoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-09-29 65024]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-06-25 281760]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-06-25 25888]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-10-19 62848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-16 6305120]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2009-10-19 9472]
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2004-09-09 68229]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-10-19 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-10-19 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-10-19 133632]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-22 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-13 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-16 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-11 75064]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Gamez\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-10-19 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-19 14848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

-----------------EOF-----------------
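
Two things in the RSIT log above that a responder would pull out by hand can be pulled out by script: driver and service entries that print "[]" where the file date and size should be (ET5Drv, gdrv, the Ad-Aware KernExplorer and TVICHW32 here), and firewall AuthorizedApplications entries whose value does not look like a normal executable (the Battlefield .htm file). The Python below is an added example, not code from this thread, from RSIT or from HijackThis; its only knowledge of the formats comes from the lines on this page, and the sample lines are copied from the log. One caveat: an empty bracket pair means RSIT could not stat the file at that path. All four such entries here use the NT-style \??\ prefix, so it may be a path form the tool did not resolve rather than a file that is gone; confirm on disk before treating it as an orphaned or hidden driver.

```python
"""Triage helpers for the RSIT log above (added example; not code from the
original post, RSIT or HijackThis). Line formats are taken from the firewall
AuthorizedApplications list and the driver/service list on this page."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-09-29 65024]
# S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []            <- empty brackets
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")
# "C:\...\vlc.exe"="C:\...\vlc.exe:*:Enabled:VLC media player"
FW_LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"$')
# Value = <path>:<scope>:<Enabled|Disabled>:<name>. Both path ("C:\...") and name
# ("Battlefield: Bad Company 2") may contain ':', so anchor on the mode keyword.
FW_VALUE_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<mode>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE)


@dataclass
class Driver:
    name: str
    path: str
    running: bool              # R = running, S = stopped
    start_type: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    file_date: Optional[str]   # both None when the log shows "[]", i.e. RSIT
    file_size: Optional[int]   # could not stat the file the entry points at

    @property
    def file_missing(self) -> bool:
        return self.file_date is None


@dataclass
class FirewallEntry:
    key: str
    path: str
    scope: str
    enabled: bool
    name: str
    findings: List[str] = field(default_factory=list)


def parse_driver_line(line: str) -> Optional[Driver]:
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    date, size = None, None
    meta = m["meta"].split()
    if len(meta) == 2:
        date, size = meta[0], int(meta[1])
    return Driver(m["name"].strip(), m["path"], m["state"] == "R",
                  int(m["start"]), date, size)


def parse_firewall_entry(line: str) -> Optional[FirewallEntry]:
    m = FW_LINE_RE.match(line.strip())
    if not m:
        return None
    v = FW_VALUE_RE.match(m["value"])
    if not v:
        return FirewallEntry(m["key"], m["value"], "", False, "",
                             ["value is not of the form path:scope:mode:name"])
    e = FirewallEntry(m["key"], v["path"], v["scope"],
                      v["mode"].lower() == "enabled", v["name"])
    if e.path.lower() != e.key.lower():
        e.findings.append("path inside the value differs from the value name")
    if not e.path.lower().endswith(".exe"):
        e.findings.append("authorised path is not an .exe")
    return e


def triage(log_text: str) -> Dict[str, list]:
    """Service entries whose file could not be found, and odd firewall entries."""
    out: Dict[str, list] = {"missing_files": [], "firewall": []}
    for line in log_text.splitlines():
        drv = parse_driver_line(line)
        if drv is not None:
            if drv.file_missing:
                out["missing_files"].append(drv.name)
            continue
        fw = parse_firewall_entry(line)
        if fw is not None and fw.findings:
            out["firewall"].append((fw.path, fw.findings))
    return out


# Sample lines copied from the log above.
SAMPLE_LOG = r"""
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-09-29 65024]
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Battlefield: Bad Company 2"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"""
```

Import it and call triage() on the whole log text, or feed single lines to the two parsers. Only the two sections shown are recognised; everything else is ignored. The .exe check is deliberately strict: an authorised .htm is harmless when it comes from a game's support folder, as here, but it is the same check that surfaces a non-executable or oddly placed path that malware has added as a firewall exception.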


#4 suebaby41


    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:12:18 AM

Posted 22 August 2010 - 09:35 AM

Step 1

The item(s) below indicate(s) you have installed uTorrent.

C:\Program Files\uTorrent\uTorrent.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"


Since the nature of P2P programs is counterproductive to restoring your PC to a healthy state, I ask that you remove P2P file sharing programs prior to my providing you with malware removal assistance. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer.

The people who design and distribute malware will use any method to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular method is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through it. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.
To remove the P2P program:
  1. Click Start > Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight , click Remove.
  4. Close the Add or Remove Programs and the Control Panel windows.
  5. Using Windows Explorer (Windows key+e), search for the folder. If the program folder is still there, select/highlight . DELETE it. (File > Delete.) If Windows is not installed on the C drive, replace C:\ with the appropriate drive letter.
  6. Close Windows Explorer.
There is a video showing how to uninstall a program (Grinler) detailing how to add or remove programs in Windows for those who find a visual aid appealing. NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

I am not asking you to remove the P2P program(s) without giving you good reasons for doing so.
  1. P2P programs form a direct conduit on to your computer.
  2. P2P security measures are easily circumvented.
  3. Some P2P programs will share everything on the computer with anyone by default. If your P2P program is not configured correctly, you may be sharing more files than you realize.
  4. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
  5. P2P programs have always been a target of malware writers. There are more Viruses, Worms and Trojans being distributed with the downloaded files.
  6. P2P programs connected to a network can be used to spread malware, share private documents, or use the file server to both store and forward malware.
  7. Many of the files in P2P networks are copyrighted and legal action could result.
  8. Pedophiles can use P2P communities to distribute child porn materials or attempt to make contact with children.
  9. This article from InfoWorld, Seattle Man Arrested For P To P ID Theft, illustrates perfectly the dangers of a poorly configured P2P program.
  10. Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
  11. When you use them, you are downloading software from an unknown source directly onto your computer bypassing your Firewall and Anti-Virus software. Many of these Downloads are being targeted to carry infections.
References for the risk of these programs are:
If you continue to use P2P programs, you will probably get infected again.

Please uninstall all P2P programs and post a new HijackThis log.

Step 2

The entries below indicate that you have PunkBuster installed:

C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


Please see this link for information regarding PnkBstrA.exe and/or PnkBstrB.exe and this thread in the PunkBuster Forums. If you have a version older than PB Client version 1.700, then the components could be causing a problem.

Are the new components optional?

Starting with PB Client version 1.700, the new components are required. Uninstalling and/or disabling the new components will cause PunkBuster to stop working correctly and will cause frequent kicking from PunkBuster enabled servers.
  1. If you have a version older than PB Client version 1.700, then the files, PnkBstrA.exe and/or PnkBstrB.exe, could be causing a problem.
  2. If you wish to uninstall the two files, then please download this application.
  3. Open the program above and click the Uninstall button. This will remove the PnkBstrA.exe and PnkBstrB.exe service.
  4. Some may need to remove the registry entries.
  5. Go to START > RUN. Type regedit.
  6. Search in these parts:
    QUOTE
    HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Services look for PnkBstrA PnkBstrB and PnkBstrK .. just right click on the folder listed on the left and delete.
    HKEY_LOCAL_MACHINE\SYSTEM\Controlset003\Services look for PnkBstrA PnkBstrB and PnkBstrK .. just right click on the folder listed on the left and delete.
  7. PnkBstrK.sys is located in C:\windows\system32\drivers and it is safe to delete.
This is the issue with infections in relation to PunkBuster:

You have installed gaming tools. Some of these, like PunkBuster, use spyware techniques to engage in the anti-piracy battle. In the process, they take control of much of your computer and they actually meet the definition of spyware/malware. They are sometimes designed to prevent orderly removal or modification. It is not likely that your computer could be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games or worse.

Since we are dedicated to causing No Harm, normally, we will not work on computers with this type of program installed. If you want to continue using your computer in this way, you should consider using imaging software like Norton Ghost or Acronis or Terabyte Image which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe. If you really want to clean your computer, I will help, but if you so choose, understand there is NO assurance you will be able to do games afterwards.

Additional Information Regarding PunkBuster Enabled Games:
  • PunkBuster is not considered to be overtly malicious, but it is totally self-serving, even at the expense of user safety, and the risks and tactics that come with its use are not revealed in an open manner.
  • PunkBuster is tracking software which installs a server on the user's computer, establishes unique GUIDs, phones home, and sends screenshots.
  • Permission for PunkBuster to install and perform the tracking is assumed by them to be implicit in any associated gaming software installation. (Automatic installation during a request for something else.) This is characteristic of trojans.
  • PunkBuster appears to install itself secretly without warning on any computer that attempts to play certain online games.
  • There is no regular uninstaller. Why not? (There IS a special uninstaller-see link below.)
  • Some do not view the whole picture as healthy for anything but the game promoters.
  • PunkBuster requires elevated privileges to run on Vista.
  • The PunkBuster home site routinely suggests that users who have problems disable the antivirus applications and firewalls and change settings on their routers.
  • PunkBuster installs a kernel driver. Once you let that happen, the software could do anything it wants.
  • If this software were an application for any other purpose, it would be called unstable and unacceptable (maybe an alpha release?).
  • From a random infection victim, you certainly will never know how many system instabilities have been introduced by the victim's attempts to run PunkBuster games.
  • It is quite clear that some of our tools are not likely to run while PunkBuster is present on the computer. It conflicts with kernel level debuggers and says so.
  • The attitude that the computer should be modified in whatever manner necessary to get PunkBuster to run is not consistent with our site's "Do No Harm" policy.
  • The lack of transparency about how the services and kernel driver work may be necessary for PunkBuster, but it also creates potential difficulty for infections removal.
Some posts from the EvenBalance/PunkBuster home site:
QUOTE
My computer locks up or "chugs" sometimes while I'm playing PunkBuster Enabled, what can cause this?
PunkBuster "pushes" hardware and the Windows Operating System more than most software and uses functions in the Windows API (low level functions) that are not used by most other programs. As such, there are a few cases where using PB can actually expose flaky hardware or other situations that do not cause problems for other software. Here are a few things that have helped other users make these problems get better or go away completely:
  • Make sure you are using the latest version of PunkBuster (the latest version is always on our Download page) - also this link may help manually update your PunkBuster to the latest version when necessary. From the game's main screen, press the tilde key (the ~ key) to bring down the console and enter the following line, /pb_system1.
  • Never close other programs from your Windows Task Manager before playing the game; either leave them running or close them through the proper interface - killing a process does not always work completely even if it stops showing in the Task Manager. Renegade threads seem to conflict with PunkBuster more than other programs that may be running in memory. There is a free utility that some players use called EndItAll2 to close all extra programs before they play to avoid software conflicts, crashes, and lockups.
  • Check the Add Or Remove Programs list in your Control Panel and uninstall any programs that you do not use or that you do not know what they are.
  • One program that seems to conflict with PunkBuster more than others is Norton Antivirus. If you have it installed, try uninstalling it to see if the lockups go away. Some players have reported that when this is the culprit, they can reinstall Norton Antivirus and the lockups do not come back.
  • Other background programs that seem to conflict with PunkBuster for some users are Sound Blaster Live software and helper programs that come with video cards, especially ATI keyboard shortcut programs.
  • Some players discovered that they had a computer virus and that the lockups vanished after it was fully removed.
  • Experiment with the pb_sleep setting, try setting it to 20, 250, or 500 to see if that affects your game performance. A few players have reported that all the problems go away when they "tweak" this setting.
  • In extreme cases, a few users have reported that replacing their RAM (memory) or video/sound cards fixed the problem.

QUOTE
How do I uninstall PunkBuster?
If you do not wish to use PunkBuster any longer, you may remove the entire "pb" folder inside your game folder. By removing this folder, the PunkBuster software will no longer be available. PunkBuster does not save information to other locations on your hard drive nor does it change your system registry. *NOTICE* Starting with PunkBuster client version 1.3000, our new Service components are kept in the Windows folder on the hard drive and they do store information in the registry. We offer a separate program called PBSVC with an uninstall option for our service components. It may be downloaded from here.

QUOTE
My game crashes with an error in pbcl.dll or a General Protection Fault. Why?
This issue can be from a program that conflicts with PunkBuster. There are a few known programs that cause this:
  • Get Right
  • DU Super Controller
  • Macro Toolsworks
  • Girder 3.2
  • PRTG Traffic Grapher
  • CyberCorder: cybrcrdr.exe
  • Paessler Router Traffic Grapher: prtg4.exe
  • 3dnasys.exe
  • mIRCStats
Closing those programs, or any like them that contain user or kernel level debuggers, should stop the problem.

    QUOTE
    Privacy Policy of Even Balance, Inc.
    Due to the unique nature of how PunkBuster software operates, we have developed this Statement to describe our Policy regarding the Privacy of the users of our software. The PunkBuster system is designed specifically to allow users to optionally hold themselves accountable by allowing our software to run in the background on their computer systems while they compete in various forms of multi-player events. Our software is designed to operate in typical client / server fashion using the common Tcp/Ip (Internet) protocol. Our software inspects the displayed screen, processes, and files associated with each computer system on which it is running for the purpose of authenticating those systems for play in a "cheat free" environment. The primary purpose of the scanning procedures is to inspect for the purpose of authenticating honest users who wish to compete fairly together. Our inspection procedures consist of three types: 1) validating that only non-hacked original software is being used during multi-player competition. 2) examining files that match the profile (or signature) of known cheating programs, and 3) sending screen captures during game-play. Our software does not, nor will it ever, without the explicit consent of users, make changes to any non-PunkBuster files on users' systems (such consent would be received through a confirmation action within the PunkBuster software and not as part of our Software Terms.) Furthermore, our software will not perform "hard disk scans" looking through large portions of users' directories and/or file systems. Private data is not transmitted by PunkBuster from a user's system to a PunkBuster server - all transmissions from users' systems will be encrypted using randomized keys that are meaningful within the context of providing a mutually agreeable "cheat free" online environment. Screenshots of game-play are not considered private data by PunkBuster.
The PunkBuster anti-cheat system will not attempt to permanently retain information about users' systems other than standard logging of connection and authentication / inspection activities. We encourage any and all auditing or monitoring of the activity of our system for the purpose of verifying that our software performs according to this Policy Statement. We will cooperate fully with any party who believes that they have found any case where our system is being or could be used to breach the privacy of the users of our software.

The primary purpose... What could be a secondary purpose?
The fact that information sent back to servers is encrypted has nothing to do with Private data being sent.

Please let me know your decision and post a new HijackThis log.

    Edited by suebaby41, 22 August 2010 - 09:49 AM.

    You don't stop laughing when you get old; you get old when you stop laughing.
    A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
    Malware Removal University Masters Graduate

    Join The Fight Against Malware
    No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
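
The two checks suebaby41 does by eye above (Step 1: a P2P client in an O4 Run entry; Step 2: PnkBstrA in an O23 service line) can be done mechanically over the whole HijackThis log, which also makes them easy to repeat on the new log she asks for. The Python below is an added example, not code from this thread or from HijackThis. The O4, O17 and O23 line formats are taken from the lines quoted in this thread; the watch list is my own, and the O17 name-server check (flagging a resolver that is not a local/private address such as the router's 192.168.0.254 seen here) is an added check beyond the reply's two steps: a public resolver is not wrong in itself, only worth confirming when the complaint is search redirection. The sample log is made of lines copied from this thread plus one constructed O17 line with a zero GUID and the documentation address 198.51.100.7, so that the name-server check has something to fire on.

```python
"""The two checks in the reply above (a P2P client in an O4 Run entry, PunkBuster
in an O23 service line) done mechanically over a HijackThis log. Added example;
not code from the thread or from HijackThis. Line formats follow the O4/O17/O23
lines quoted on this page; the watch list and name-server check are additions."""
import ipaddress
import ntpath
import re
from typing import List, Optional, Tuple

O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>.*?): NameServer = (?P<servers>.*)$")

# Lower-cased file-name prefixes the reply asks about; extend to taste.
WATCHLIST = {
    "utorrent": "P2P client (Step 1 of the reply)",
    "pnkbstr": "PunkBuster service component (Step 2 of the reply)",
}
# A home PC normally resolves through its router or the ISP. A resolver outside
# these ranges proves nothing on its own, but with search redirection as the
# symptom it is worth confirming where it came from.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "169.254.0.0/16", "127.0.0.0/8")]

Finding = Tuple[str, str, str]   # (line type, identifier, reason)


def executable_of(cmd: str) -> str:
    """Lower-cased file name of the program an O4 command line starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        prog = cmd[1:end] if end > 0 else cmd[1:]
    else:
        prog = cmd.split(" ", 1)[0]
    return ntpath.basename(prog).lower()   # ntpath: these are Windows paths


def watch_reason(filename: str) -> Optional[str]:
    for prefix, reason in WATCHLIST.items():
        if filename.startswith(prefix):
            return reason
    return None


def triage_hijackthis(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            reason = watch_reason(exe)
            if reason:
                findings.append(("O4", exe, reason))
            continue
        m = O23_RE.match(line)
        if m:
            reason = watch_reason(ntpath.basename(m["path"]).lower())
            if reason:
                findings.append(("O23", m["name"], reason))
            continue
        m = O17_RE.match(line)
        if m:
            for server in filter(None, re.split(r"[,\s]+", m["servers"])):
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    findings.append(("O17", server, "name server is not an IP address"))
                    continue
                if not any(addr in net for net in LOCAL_NETS):
                    findings.append(("O17", server,
                                     "name server outside local ranges; confirm it is one you chose"))
    return findings


# Lines copied from this thread, plus one constructed O17 line (zero GUID,
# documentation address 198.51.100.7) to exercise the name-server check.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 198.51.100.7
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for kind, ident, why in triage_hijackthis(SAMPLE_HJT):
        print(kind, ident, "->", why)
```

O4 entries from the Startup folders ("O4 - Startup:" and "O4 - Global Startup:") and O2 BHO lines use different layouts and are ignored by these patterns; add one per line type if you want them. The watch list matches on file-name prefix, so PnkBstrA and PnkBstrB both land under the same reason.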

    #5 Bhruic

    • Topic Starter

    • Members
    • 5 posts
    • Local time:06:18 AM

    Posted 22 August 2010 - 10:10 AM

    Log after deleting µTorrent, gonna post log after deleting punkbuster in a minute.

    Logfile of random's system information tool 1.08 (written by random/random)
    Run by Owner at 2010-08-22 16:52:15
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 28 GB (6%) free of 477 GB
    Total RAM: 3582 MB (77% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:52:16, on 22.08.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\trend micro\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
    O17 - HKLM\System\CS3\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Gamez\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 6257 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\Driver Robot.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{CF788FA9-2BD5-4460-97CE-B613F3601831}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-13 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-13 79648]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
    "CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-20 45632]
    "JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
    "36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-16 13680640]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-16 86016]
    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Steam"=c:\program files\steam\steam.exe [2010-05-07 1238352]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    Logitech . Product Registration.lnk - C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-24 3584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-10-19 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=1
    "NoDesktopCleanupWizard"=1
    "NoSharedDocuments"=1
    "MaxRecentDocs"=18
    "NoSMConfigurePrograms"=1
    "NoRecentDocsNetHood"=1
    "MemCheckBoxInRunDlg"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
    "C:\Gamez\Dragon Age\bin_ship\daorigins.exe"="C:\Gamez\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
    "C:\Gamez\Dragon Age\DAOriginsLauncher.exe"="C:\Gamez\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
    "C:\Gamez\League of Legends\Riot Games\League of Legends\air\LolClient.exe"="C:\Gamez\League of Legends\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
    "C:\Gamez\League of Legends\Riot Games\League of Legends\game\League of Legends.exe"="C:\Gamez\League of Legends\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
    "C:\Gamez\Red Faction Guerrilla\rfg.exe"="C:\Gamez\Red Faction Guerrilla\rfg.exe:*:Enabled:Red Faction: Guerrilla"
    "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
    "C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe"="C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe:*:Enabled:The Secret of Monkey Island: Special Edition"
    "C:\Gamez\Mass Effect\Binaries\MassEffect.exe"="C:\Gamez\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
    "C:\Gamez\Mass Effect\MassEffectLauncher.exe"="C:\Gamez\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
    "C:\Gamez\Mass Effect 2\Binaries\MassEffect2.exe"="C:\Gamez\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game"
    "C:\Gamez\Mass Effect 2\MassEffect2Launcher.exe"="C:\Gamez\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Gamez\BFBC2\BFBC2BetaUpdater.exe"="C:\Gamez\BFBC2\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA"
    "C:\Gamez\BioShock 2\SP\Builds\Binaries\Bioshock2.exe"="C:\Gamez\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2"
    "C:\Gamez\BioShock 2\MP\Builds\Binaries\Bioshock2.exe"="C:\Gamez\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer"
    "C:\Program Files\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe"="C:\Program Files\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe:*:Enabled:Shattered Horizon"
    "C:\Program Files\Steam\steamapps\common\company of heroes\help.htm"="C:\Program Files\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Steam\steamapps\common\men of war\outfront_mp.exe"="C:\Program Files\Steam\steamapps\common\men of war\outfront_mp.exe:*:Enabled:Main executable"
    "C:\Program Files\Steam\steamapps\common\men of war\mow.exe"="C:\Program Files\Steam\steamapps\common\men of war\mow.exe:*:Enabled:Men of War"
    "C:\Program Files\Steam\steamapps\common\men of war\mow_editor.exe"="C:\Program Files\Steam\steamapps\common\men of war\mow_editor.exe:*:Enabled:Men of War"
    "C:\Program Files\Steam\steamapps\preacherboy89\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\preacherboy89\counter-strike source\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe"="C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2"
    "C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Battlefield: Bad Company 2"
    "C:\Program Files\Steam\steamapps\economist89\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\economist89\team fortress 2\hl2.exe:*:Enabled:hl2"
    "C:\Gamez\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Gamez\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
    "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
    "C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
    "C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
    "C:\Gamez\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
    "C:\Gamez\Ubisoft\Assassin's Creed II\server.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\server.exe:*:Enabled:server"
    "C:\Program Files\Steam\steamapps\common\mountblade warband\mb_warband.exe"="C:\Program Files\Steam\steamapps\common\mountblade warband\mb_warband.exe:*:Enabled:Mount and Blade: Warband"
    "C:\Gamez\Company of Heroes Online\CoHOSeeder.exe"="C:\Gamez\Company of Heroes Online\CoHOSeeder.exe:*:Enabled:Company of Heroes Online Seeder (THQ)"
    "C:\Gamez\Company of Heroes Online\Game\RelicCoHOWW.exe"="C:\Gamez\Company of Heroes Online\Game\RelicCoHOWW.exe:*:Enabled:Company of Heroes Online (THQ)"
    "C:\Gamez\StarCraft II\StarCraft II.exe"="C:\Gamez\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
    "C:\Gamez\StarCraft II\Versions\Base15405\SC2.exe"="C:\Gamez\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
    "C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II"
    "C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
    "C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm"
    "C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe"="C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes: Opposing Fronts"
    "C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    ======List of files/folders created in the last 1 months======

    2010-08-21 21:09:04 ----D---- C:\Program Files\trend micro
    2010-08-21 21:09:03 ----D---- C:\rsit
    2010-08-14 00:40:29 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
    2010-08-14 00:40:29 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
    2010-08-14 00:40:28 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
    2010-08-14 00:40:28 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
    2010-08-14 00:40:28 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
    2010-08-14 00:40:27 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
    2010-08-14 00:40:27 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
    2010-08-14 00:40:27 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
    2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
    2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
    2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
    2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
    2010-08-12 15:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
    2010-08-12 15:37:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
    2010-08-12 15:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
    2010-08-12 15:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
    2010-08-12 15:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
    2010-08-12 15:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
    2010-08-12 15:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
    2010-08-11 23:06:47 ----D---- C:\Program Files\Spybot - Search & Destroy
    2010-08-11 23:06:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-11 21:03:24 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2010-08-11 21:03:19 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-08-11 21:03:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-08-11 21:03:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2010-08-11 21:03:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
    2010-08-11 19:51:08 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-08-11 18:19:11 ----A---- C:\TDSSKiller.2.4.1.1_11.08.2010_18.19.11_log.txt
    2010-08-11 18:16:03 ----D---- C:\Program Files\CCleaner
    2010-08-11 17:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
    2010-08-11 17:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
    2010-08-11 15:27:51 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
    2010-08-11 15:18:36 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2010-07-29 05:47:03 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
    2010-07-29 05:40:04 ----D---- C:\gyargh
    2010-07-29 05:33:46 ----D---- C:\Program Files\Microsoft.NET
    2010-07-24 23:32:19 ----D---- C:\Documents and Settings\All Users\Application Data\LAG
    2010-07-24 23:32:04 ----D---- C:\WINDOWS\11AE680750D24F5982B32C3E695E94C2.TMP

    ======List of files/folders modified in the last 1 months======

    2010-08-22 16:42:23 ----RD---- C:\Program Files
    2010-08-22 16:42:23 ----D---- C:\WINDOWS\Prefetch
    2010-08-22 14:18:56 ----D---- C:\Program Files\Steam
    2010-08-21 14:14:58 ----D---- C:\WINDOWS\Temp
    2010-08-21 14:14:54 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-08-21 14:11:05 ----D---- C:\WINDOWS\system32\drivers
    2010-08-19 20:34:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-08-17 16:38:12 ----D---- C:\WINDOWS\Minidump
    2010-08-17 16:38:12 ----D---- C:\WINDOWS
    2010-08-17 07:44:25 ----D---- C:\Program Files\Mozilla Firefox
    2010-08-15 14:52:14 ----D---- C:\WINDOWS\Microsoft.NET
    2010-08-15 13:24:01 ----D---- C:\WINDOWS\AppPatch
    2010-08-15 13:14:01 ----SHD---- C:\WINDOWS\Installer
    2010-08-14 18:36:47 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-08-14 00:40:45 ----D---- C:\Program Files\NVIDIA Corporation
    2010-08-14 00:40:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2010-08-14 00:40:29 ----D---- C:\WINDOWS\system32
    2010-08-14 00:40:28 ----HD---- C:\WINDOWS\inf
    2010-08-14 00:40:06 ----RSD---- C:\WINDOWS\assembly
    2010-08-14 00:39:37 ----D---- C:\WINDOWS\system32\DirectX
    2010-08-13 02:17:04 ----SHD---- C:\System Volume Information
    2010-08-13 01:28:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2010-08-13 01:28:19 ----SD---- C:\WINDOWS\Tasks
    2010-08-12 15:37:13 ----D---- C:\WINDOWS\system32\dllcache
    2010-08-12 15:37:11 ----HD---- C:\WINDOWS\$hf_mig$
    2010-08-12 15:36:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-08-12 15:35:54 ----D---- C:\WINDOWS\WinSxS
    2010-08-12 15:33:51 ----D---- C:\Program Files\Internet Explorer
    2010-08-11 22:51:24 ----D---- C:\WINDOWS\Sun
    2010-08-11 18:19:48 ----D---- C:\WINDOWS\Debug
    2010-08-10 14:51:55 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
    2010-08-07 16:35:18 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
    2010-08-03 11:09:32 ----A---- C:\WINDOWS\system32\MRT.exe
    2010-08-02 19:59:05 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
    2010-08-01 11:15:42 ----D---- C:\Movies
    2010-07-29 06:07:18 ----D---- C:\Gamez
    2010-07-29 05:33:55 ----D---- C:\WINDOWS\system32\en-US
    2010-07-27 08:28:54 ----A---- C:\WINDOWS\system32\shell32.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-09-29 65024]
    R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-06-25 281760]
    R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-06-25 25888]
    R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-10-19 62848]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
    R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-16 6305120]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2009-10-19 9472]
    S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
    S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2004-09-09 68229]
    S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-10-19 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-10-19 82944]
    S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-10-19 133632]
    S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-22 691696]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-13 153376]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-16 163908]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-11 75064]
    R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Gamez\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
    S3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-10-19 913408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-19 14848]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

    -----------------EOF-----------------


    #6 Bhruic
    • Topic Starter
    • Members
    • 5 posts

    Posted 22 August 2010 - 10:16 AM

    Ran pbvsc.exe and uninstalled PunkBuster. In the registry I only found PnkBstrA in HKEY_LOCAL_MACHINE\SYSTEM\Controlset003\Services - it has been removed. HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Services did not have any of the folders mentioned, and there was no PnkBstrK.sys in C:\windows\system32\drivers.

    Logfile of random's system information tool 1.08 (written by random/random)
    Run by Owner at 2010-08-22 17:10:16
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 28 GB (6%) free of 477 GB
    Total RAM: 3582 MB (77% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:10:19, on 22.08.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\trend micro\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
    O17 - HKLM\System\CS3\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Gamez\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6147 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\Driver Robot.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{CF788FA9-2BD5-4460-97CE-B613F3601831}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-13 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-13 79648]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
    "CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-20 45632]
    "JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
    "36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-16 13680640]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-16 86016]
    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Steam"=c:\program files\steam\steam.exe [2010-05-07 1238352]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    Logitech . Product Registration.lnk - C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-24 3584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-10-19 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=1
    "NoDesktopCleanupWizard"=1
    "NoSharedDocuments"=1
    "MaxRecentDocs"=18
    "NoSMConfigurePrograms"=1
    "NoRecentDocsNetHood"=1
    "MemCheckBoxInRunDlg"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
    "C:\Gamez\Dragon Age\bin_ship\daorigins.exe"="C:\Gamez\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
    "C:\Gamez\Dragon Age\DAOriginsLauncher.exe"="C:\Gamez\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
    "C:\Gamez\League of Legends\Riot Games\League of Legends\air\LolClient.exe"="C:\Gamez\League of Legends\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
    "C:\Gamez\League of Legends\Riot Games\League of Legends\game\League of Legends.exe"="C:\Gamez\League of Legends\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
    "C:\Gamez\Red Faction Guerrilla\rfg.exe"="C:\Gamez\Red Faction Guerrilla\rfg.exe:*:Enabled:Red Faction: Guerrilla"
    "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
    "C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe"="C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe:*:Enabled:The Secret of Monkey Island: Special Edition"
    "C:\Gamez\Mass Effect\Binaries\MassEffect.exe"="C:\Gamez\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
    "C:\Gamez\Mass Effect\MassEffectLauncher.exe"="C:\Gamez\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
    "C:\Gamez\Mass Effect 2\Binaries\MassEffect2.exe"="C:\Gamez\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game"
    "C:\Gamez\Mass Effect 2\MassEffect2Launcher.exe"="C:\Gamez\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Gamez\BFBC2\BFBC2BetaUpdater.exe"="C:\Gamez\BFBC2\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA"
    "C:\Gamez\BioShock 2\SP\Builds\Binaries\Bioshock2.exe"="C:\Gamez\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2"
    "C:\Gamez\BioShock 2\MP\Builds\Binaries\Bioshock2.exe"="C:\Gamez\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer"
    "C:\Program Files\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe"="C:\Program Files\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe:*:Enabled:Shattered Horizon"
    "C:\Program Files\Steam\steamapps\common\company of heroes\help.htm"="C:\Program Files\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Steam\steamapps\common\men of war\outfront_mp.exe"="C:\Program Files\Steam\steamapps\common\men of war\outfront_mp.exe:*:Enabled:Main executable"
    "C:\Program Files\Steam\steamapps\common\men of war\mow.exe"="C:\Program Files\Steam\steamapps\common\men of war\mow.exe:*:Enabled:Men of War"
    "C:\Program Files\Steam\steamapps\common\men of war\mow_editor.exe"="C:\Program Files\Steam\steamapps\common\men of war\mow_editor.exe:*:Enabled:Men of War"
    "C:\Program Files\Steam\steamapps\preacherboy89\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\preacherboy89\counter-strike source\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe"="C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2"
    "C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm"="C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Battlefield: Bad Company 2"
    "C:\Program Files\Steam\steamapps\economist89\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\economist89\team fortress 2\hl2.exe:*:Enabled:hl2"
    "C:\Gamez\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Gamez\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
    "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
    "C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
    "C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
    "C:\Gamez\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
    "C:\Gamez\Ubisoft\Assassin's Creed II\server.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\server.exe:*:Enabled:server"
    "C:\Program Files\Steam\steamapps\common\mountblade warband\mb_warband.exe"="C:\Program Files\Steam\steamapps\common\mountblade warband\mb_warband.exe:*:Enabled:Mount and Blade: Warband"
    "C:\Gamez\Company of Heroes Online\CoHOSeeder.exe"="C:\Gamez\Company of Heroes Online\CoHOSeeder.exe:*:Enabled:Company of Heroes Online Seeder (THQ)"
    "C:\Gamez\Company of Heroes Online\Game\RelicCoHOWW.exe"="C:\Gamez\Company of Heroes Online\Game\RelicCoHOWW.exe:*:Enabled:Company of Heroes Online (THQ)"
    "C:\Gamez\StarCraft II\StarCraft II.exe"="C:\Gamez\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
    "C:\Gamez\StarCraft II\Versions\Base15405\SC2.exe"="C:\Gamez\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
    "C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II"
    "C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
    "C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm"
    "C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe"="C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes: Opposing Fronts"
    "C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    ======List of files/folders created in the last 1 months======

    2010-08-22 17:01:33 ----A---- C:\WINDOWS\system32\pbsvc[1].exe
    2010-08-21 21:09:04 ----D---- C:\Program Files\trend micro
    2010-08-21 21:09:03 ----D---- C:\rsit
    2010-08-14 00:40:29 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
    2010-08-14 00:40:29 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
    2010-08-14 00:40:28 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
    2010-08-14 00:40:28 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
    2010-08-14 00:40:28 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
    2010-08-14 00:40:27 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
    2010-08-14 00:40:27 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
    2010-08-14 00:40:27 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
    2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
    2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
    2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
    2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
    2010-08-12 15:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
    2010-08-12 15:37:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
    2010-08-12 15:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
    2010-08-12 15:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
    2010-08-12 15:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
    2010-08-12 15:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
    2010-08-12 15:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
    2010-08-11 23:06:47 ----D---- C:\Program Files\Spybot - Search & Destroy
    2010-08-11 23:06:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-11 21:03:24 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2010-08-11 21:03:19 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-08-11 21:03:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-08-11 21:03:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2010-08-11 21:03:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
    2010-08-11 19:51:08 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-08-11 18:19:11 ----A---- C:\TDSSKiller.2.4.1.1_11.08.2010_18.19.11_log.txt
    2010-08-11 18:16:03 ----D---- C:\Program Files\CCleaner
    2010-08-11 17:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
    2010-08-11 17:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
    2010-08-11 15:27:51 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
    2010-08-11 15:18:36 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2010-07-29 05:47:03 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
    2010-07-29 05:40:04 ----D---- C:\gyargh
    2010-07-29 05:33:46 ----D---- C:\Program Files\Microsoft.NET
    2010-07-24 23:32:19 ----D---- C:\Documents and Settings\All Users\Application Data\LAG
    2010-07-24 23:32:04 ----D---- C:\WINDOWS\11AE680750D24F5982B32C3E695E94C2.TMP

    ======List of files/folders modified in the last 1 months======

    2010-08-22 17:03:10 ----D---- C:\WINDOWS\Prefetch
    2010-08-22 17:01:33 ----D---- C:\WINDOWS\system32\drivers
    2010-08-22 17:01:33 ----D---- C:\WINDOWS\system32
    2010-08-22 16:42:23 ----RD---- C:\Program Files
    2010-08-22 14:18:56 ----D---- C:\Program Files\Steam
    2010-08-21 14:14:58 ----D---- C:\WINDOWS\Temp
    2010-08-21 14:14:54 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-08-19 20:34:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-08-17 16:38:12 ----D---- C:\WINDOWS\Minidump
    2010-08-17 16:38:12 ----D---- C:\WINDOWS
    2010-08-17 07:44:25 ----D---- C:\Program Files\Mozilla Firefox
    2010-08-15 14:52:14 ----D---- C:\WINDOWS\Microsoft.NET
    2010-08-15 13:24:01 ----D---- C:\WINDOWS\AppPatch
    2010-08-15 13:14:01 ----SHD---- C:\WINDOWS\Installer
    2010-08-14 18:36:47 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-08-14 00:40:45 ----D---- C:\Program Files\NVIDIA Corporation
    2010-08-14 00:40:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2010-08-14 00:40:28 ----HD---- C:\WINDOWS\inf
    2010-08-14 00:40:06 ----RSD---- C:\WINDOWS\assembly
    2010-08-14 00:39:37 ----D---- C:\WINDOWS\system32\DirectX
    2010-08-13 02:17:04 ----SHD---- C:\System Volume Information
    2010-08-13 01:28:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2010-08-13 01:28:19 ----SD---- C:\WINDOWS\Tasks
    2010-08-12 15:37:13 ----D---- C:\WINDOWS\system32\dllcache
    2010-08-12 15:37:11 ----HD---- C:\WINDOWS\$hf_mig$
    2010-08-12 15:36:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-08-12 15:35:54 ----D---- C:\WINDOWS\WinSxS
    2010-08-12 15:33:51 ----D---- C:\Program Files\Internet Explorer
    2010-08-11 22:51:24 ----D---- C:\WINDOWS\Sun
    2010-08-11 18:19:48 ----D---- C:\WINDOWS\Debug
    2010-08-10 14:51:55 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
    2010-08-07 16:35:18 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
    2010-08-03 11:09:32 ----A---- C:\WINDOWS\system32\MRT.exe
    2010-08-02 19:59:05 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
    2010-08-01 11:15:42 ----D---- C:\Movies
    2010-07-29 06:07:18 ----D---- C:\Gamez
    2010-07-29 05:33:55 ----D---- C:\WINDOWS\system32\en-US
    2010-07-27 08:28:54 ----A---- C:\WINDOWS\system32\shell32.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-09-29 65024]
    R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-06-25 281760]
    R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-06-25 25888]
    R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-10-19 62848]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
    R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-16 6305120]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2009-10-19 9472]
    S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
    S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2004-09-09 68229]
    S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-10-19 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-10-19 82944]
    S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-10-19 133632]
    S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-22 691696]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-13 153376]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-16 163908]
    R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Gamez\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
    S3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-10-19 913408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-19 14848]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

    -----------------EOF-----------------


    #7 suebaby41
      W.A.M. (Women Against Malware)
    • Malware Response Team
    • 6,248 posts
    • Gender: Female
    • Location: South Carolina, USA
    • Local time: 12:18 AM

    Posted 22 August 2010 - 04:47 PM

    Step 1

    Often redirection is caused by a DNS and Hosts file hijack. Flush and restore both.

    Clean Hosts File
    * Access folder C:\WINDOWS\SYSTEM32\DRIVERS\ETC in Explorer.
    1. Open file HOSTS in Notepad. Before making changes, do a Save As and save a backup of this file as HOSTS.BAK.
    2. Reopen the HOSTS file.
    3. Delete all entries in this file except for the following and any other entries you are sure have legitimate uses:

       127.0.0.1 localhost

    4. Save the file.
    Note: If you use customized Hosts Files such as the mvps hosts file, you will need to download and install it again. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE.

    Step 2

    Flush DNS:
    1. Open up a command prompt: Start > Run > "cmd.exe" > OK.
    2. Type in the command ipconfig /flushdns.

    Step 3

    Prior to using this program, please back up your data:

    There are several free Backup Programs. Please decide for yourself which one meets your needs. Use at your own risk. You can check out other BackUp Programs at the sites below:

    Step 4

    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.
    Please post a new HijackThis log.
    You don't stop laughing when you get old; you get old when you stop laughing.
    A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
    Malware Removal University Masters Graduate

    Join The Fight Against Malware
    No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
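A defender's check for the Hosts-file hijack that Step 1 above describes, added here as an example and not a tool from the thread: it parses a constructed hosts file, flags entries that redirect real sites to a foreign address or sinkhole them to loopback, and writes back only the localhost line plus mappings the user explicitly vouches for (the sample content, the ad-block allowlist, the TEST-NET address and the `clean_hosts_file` helper are all assumptions).

```python
"""Audit a Windows HOSTS file for the hijack pattern described in Step 1.

Added example for this thread, not a tool from the original post. The sample
hosts content, the ad-block allowlist and the TEST-NET address are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Mappings a stock Windows hosts file legitimately contains (XP ships only the first).
STOCK_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


@dataclass
class HostsEntry:
    lineno: int
    ip: str
    names: list
    verdict: str  # "ok", "invalid" or "suspicious"
    reason: str


def classify_entry(lineno, ip, names, allowlist=frozenset()):
    """Decide whether one hosts mapping is stock/allowlisted, malformed or suspicious."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return HostsEntry(lineno, ip, names, "invalid", "first field is not an IP address")
    if not names:
        return HostsEntry(lineno, ip, names, "invalid", "no hostname after the address")
    for name in names:
        key = (ip, name.lower())
        if key in STOCK_ENTRIES or key in allowlist:
            continue
        if addr.is_loopback or addr.is_unspecified:
            # A real site sent to 127.0.0.1 or 0.0.0.0 is blocked; hijacks do this to
            # AV and update sites so the machine cannot be cleaned or patched.
            return HostsEntry(lineno, ip, names, "suspicious", f"{name} is sinkholed to {ip}")
        # A real site sent to a foreign address is the browser redirect the thread describes.
        return HostsEntry(lineno, ip, names, "suspicious", f"{name} is redirected to {ip}")
    return HostsEntry(lineno, ip, names, "ok", "stock or allowlisted entry")


def parse_hosts(text, allowlist=frozenset()):
    """Parse hosts-file text into classified entries; comments and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        entries.append(classify_entry(lineno, fields[0], fields[1:], allowlist))
    return entries


def suspicious_entries(text, allowlist=frozenset()):
    """Everything that is not a stock or allowlisted mapping, i.e. what Step 1 says to delete."""
    return [e for e in parse_hosts(text, allowlist) if e.verdict != "ok"]


def clean_hosts(text, allowlist=frozenset()):
    """Return the file with only 'ok' mappings kept; comments survive, localhost is guaranteed."""
    keep = {e.lineno for e in parse_hosts(text, allowlist) if e.verdict == "ok"}
    out, has_localhost = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            out.append(raw)  # comment or blank line: keep verbatim
        elif lineno in keep:
            out.append(raw)
            fields = body.lower().split()
            if fields[0] == "127.0.0.1" and "localhost" in fields[1:]:
                has_localhost = True
    if not has_localhost:
        out.append("127.0.0.1 localhost")  # the one line the post says must remain
    return "\n".join(out) + "\n"


def clean_hosts_file(path, allowlist=frozenset()):
    """Back the file up as <path>.BAK, as the post advises, then write the cleaned version.
    Assumed helper: editing the real file needs an elevated prompt on Windows."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        original = fh.read()
    with open(path + ".BAK", "w", encoding="utf-8") as fh:
        fh.write(original)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(clean_hosts(original, allowlist))
    return suspicious_entries(original, allowlist)


# Constructed sample modelled on what a redirect hijack leaves behind (not a real capture).
SAMPLE_HOSTS = """\
# constructed sample of C:\\WINDOWS\\system32\\drivers\\etc\\hosts
# the 'constructed' lines mimic entries a hijack adds or a user adds deliberately
127.0.0.1       localhost
203.0.113.5     www.google.com google.com   # constructed: search site pointed off-box
127.0.0.1       www.kaspersky.com           # constructed: AV vendor site sinkholed
0.0.0.0         ads.example.net             # constructed: ad-block entry the user wants kept
"""
ADBLOCK_ALLOWLIST = frozenset({("0.0.0.0", "ads.example.net")})

if __name__ == "__main__":
    for entry in suspicious_entries(SAMPLE_HOSTS, ADBLOCK_ALLOWLIST):
        print(f"line {entry.lineno}: {entry.reason}")
    print(clean_hosts(SAMPLE_HOSTS, ADBLOCK_ALLOWLIST))
```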

    #8 Bhruic (Topic Starter)
    • Members
    • 5 posts
    • Local time: 06:18 AM

    Posted 24 August 2010 - 12:53 PM

    Was a bit skeptical about trying TDSSKiller since I had used it 13 days ago without any success, as I mentioned in my first post. But apparently they updated it on the 16th (2.4.1.2 as opposed to 2.4.1.1) and it managed to find the malware Backdoor.Win32.Sinowal.knf and remedied my problems. Here are the logs anyway. Thanks for your help.

    2010/08/23 00:25:40.0140 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
    2010/08/23 00:25:40.0140 ================================================================================
    2010/08/23 00:25:40.0140 SystemInfo:
    2010/08/23 00:25:40.0140
    2010/08/23 00:25:40.0140 OS Version: 5.1.2600 ServicePack: 3.0
    2010/08/23 00:25:40.0140 Product type: Workstation
    2010/08/23 00:25:40.0140 ComputerName: ANONYMOUS
    2010/08/23 00:25:40.0140 UserName: Owner
    2010/08/23 00:25:40.0140 Windows directory: C:\WINDOWS
    2010/08/23 00:25:40.0140 System windows directory: C:\WINDOWS
    2010/08/23 00:25:40.0140 Processor architecture: Intel x86
    2010/08/23 00:25:40.0140 Number of processors: 4
    2010/08/23 00:25:40.0140 Page size: 0x1000
    2010/08/23 00:25:40.0140 Boot type: Normal boot
    2010/08/23 00:25:40.0140 ================================================================================
    2010/08/23 00:25:40.0546 Initialize success
    2010/08/23 00:26:37.0921 ================================================================================
    2010/08/23 00:26:37.0921 Scan started
    2010/08/23 00:26:37.0921 Mode: Manual;
    2010/08/23 00:26:37.0921 ================================================================================
    2010/08/23 00:26:43.0687 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/08/23 00:26:44.0734 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/08/23 00:26:46.0796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/08/23 00:26:47.0828 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys
    2010/08/23 00:26:57.0218 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/08/23 00:26:58.0296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/08/23 00:27:00.0390 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
    2010/08/23 00:27:01.0421 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/08/23 00:27:02.0468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/08/23 00:27:03.0531 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/08/23 00:27:04.0562 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/08/23 00:27:06.0921 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/08/23 00:27:07.0968 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/08/23 00:27:08.0984 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/08/23 00:27:15.0234 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/08/23 00:27:16.0296 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/08/23 00:27:17.0359 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/08/23 00:27:18.0406 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/08/23 00:27:19.0437 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/08/23 00:27:21.0515 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/08/23 00:27:22.0546 DumpDrv (b327281012b48bd73f587799f9f29be2) C:\WINDOWS\system32\drivers\DumpDrv.sys
    2010/08/23 00:27:23.0593 ET5Drv (e5030e34de21a6818e8586bfb7dd4b60) C:\WINDOWS\system32\Drivers\ET5Drv.sys
    2010/08/23 00:27:24.0640 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
    2010/08/23 00:27:25.0687 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/08/23 00:27:26.0765 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/08/23 00:27:27.0812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/08/23 00:27:28.0859 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/08/23 00:27:29.0875 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/08/23 00:27:30.0875 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/08/23 00:27:31.0875 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/08/23 00:27:32.0046 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
    2010/08/23 00:27:32.0937 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/08/23 00:27:33.0984 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/08/23 00:27:35.0046 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/08/23 00:27:37.0062 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/08/23 00:27:40.0187 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/08/23 00:27:41.0218 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/08/23 00:27:43.0484 IntcAzAudAddService (c282875880df189c64c465fc54a0150a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2010/08/23 00:27:45.0703 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/08/23 00:27:46.0734 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/08/23 00:27:47.0765 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/08/23 00:27:48.0781 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/08/23 00:27:49.0812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/08/23 00:27:50.0843 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/08/23 00:27:52.0218 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/08/23 00:27:53.0265 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/08/23 00:27:54.0312 JRAID (ab95b2ddb49f6b6cf52625e56c1f1f71) C:\WINDOWS\system32\DRIVERS\jraid.sys
    2010/08/23 00:27:55.0328 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/08/23 00:27:56.0375 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/08/23 00:27:57.0406 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/08/23 00:27:58.0453 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
    2010/08/23 00:27:59.0593 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
    2010/08/23 00:28:01.0625 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    2010/08/23 00:28:02.0687 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
    2010/08/23 00:28:03.0718 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    2010/08/23 00:28:04.0765 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
    2010/08/23 00:28:05.0781 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/08/23 00:28:06.0812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/08/23 00:28:07.0843 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/08/23 00:28:08.0890 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/08/23 00:28:10.0937 MRxDAV (6a7c4ac5b52155115dee97995c1cf157) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/08/23 00:28:12.0000 MRxSmb (d09b9f0b9960dd41e73127b7814c115f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/08/23 00:28:13.0062 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/08/23 00:28:14.0125 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/08/23 00:28:15.0156 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/08/23 00:28:16.0156 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/08/23 00:28:17.0171 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/08/23 00:28:18.0156 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/08/23 00:28:19.0156 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/08/23 00:28:20.0187 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/08/23 00:28:21.0187 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/08/23 00:28:22.0187 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/08/23 00:28:23.0218 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/08/23 00:28:24.0250 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/08/23 00:28:25.0265 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/08/23 00:28:26.0312 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/08/23 00:28:27.0343 Ntfs (ae8cad8f28db13b515a68510a539b0b8) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/08/23 00:28:28.0390 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/08/23 00:28:29.0671 nv (90a2fe4b6e558e05e88e4517001a33ea) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/08/23 00:28:30.0921 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/08/23 00:28:31.0953 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/08/23 00:28:32.0984 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/08/23 00:28:34.0000 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/08/23 00:28:35.0031 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/08/23 00:28:36.0062 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/08/23 00:28:38.0078 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/08/23 00:28:39.0093 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/08/23 00:28:46.0234 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/08/23 00:28:47.0281 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/08/23 00:28:48.0343 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/08/23 00:28:49.0343 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/08/23 00:28:55.0703 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/08/23 00:28:56.0750 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/08/23 00:28:57.0796 RasPppoe (2c9d4620a0fd35de1828370b392f6e2d) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/08/23 00:28:58.0843 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/08/23 00:28:59.0859 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/08/23 00:29:00.0875 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/08/23 00:29:01.0890 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/08/23 00:29:02.0937 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/08/23 00:29:03.0953 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/08/23 00:29:05.0000 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
    2010/08/23 00:29:06.0015 RTLE8023xp (36ada62330c31ad314e4a26b815fc485) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    2010/08/23 00:29:07.0062 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/08/23 00:29:08.0125 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/08/23 00:29:09.0109 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/08/23 00:29:10.0171 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/08/23 00:29:13.0218 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/08/23 00:29:14.0281 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
    2010/08/23 00:29:15.0343 SR (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/08/23 00:29:16.0390 Srv (422e4508508015c7d12f40bf9763f158) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/08/23 00:29:17.0437 StMp3Rec (bc04d165db2aac42b73df01b913c625b) C:\WINDOWS\system32\Drivers\StMp3Rec.sys
    2010/08/23 00:29:18.0453 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/08/23 00:29:19.0484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/08/23 00:29:24.0609 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/08/23 00:29:25.0656 Tcpip (ba8c046d98345129723e6bcaa1e8ab99) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/08/23 00:29:26.0687 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/08/23 00:29:27.0703 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/08/23 00:29:28.0734 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/08/23 00:29:30.0828 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
    2010/08/23 00:29:31.0875 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/08/23 00:29:33.0015 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
    2010/08/23 00:29:34.0046 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/08/23 00:29:35.0109 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/08/23 00:29:36.0156 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/08/23 00:29:37.0187 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/08/23 00:29:38.0234 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/08/23 00:29:39.0250 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/08/23 00:29:41.0265 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/08/23 00:29:42.0312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/08/23 00:29:43.0375 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2010/08/23 00:29:45.0437 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/08/23 00:29:46.0546 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/08/23 00:29:47.0593 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/08/23 00:29:47.0625 \HardDisk0\MBR - detected Backdoor.Win32.Sinowal.knf (0)
    2010/08/23 00:29:47.0625 ================================================================================
    2010/08/23 00:29:47.0625 Scan finished
    2010/08/23 00:29:47.0625 ================================================================================
    2010/08/23 00:29:47.0656 Detected object count: 1
    2010/08/23 00:30:47.0593 \HardDisk0\MBR - will be cured after reboot
    2010/08/23 00:30:47.0593 Backdoor.Win32.Sinowal.knf(\HardDisk0\MBR) - User select action: Cure
    2010/08/23 00:30:56.0671 Deinitialize success


    Logfile of random's system information tool 1.08 (written by random/random)
    Run by Owner at 2010-08-24 19:43:32
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 40 GB (8%) free of 477 GB
    Total RAM: 3582 MB (86% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:43:36, on 24.08.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\trend micro\Owner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
    O17 - HKLM\System\CS3\Services\Tcpip\..\{3A2641BA-64CA-4D13-B7F7-798C0F9E37FD}: NameServer = 192.168.0.254
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Gamez\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6049 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\Driver Robot.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{CF788FA9-2BD5-4460-97CE-B613F3601831}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-13 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-13 79648]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
    "CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-20 45632]
    "JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
    "36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-16 13680640]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-16 86016]
    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Steam"=c:\program files\steam\steam.exe [2010-08-24 1242448]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup
    Logitech . Product Registration.lnk - C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-24 3584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-10-19 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=1
    "NoDesktopCleanupWizard"=1
    "NoSharedDocuments"=1
    "MaxRecentDocs"=18
    "NoSMConfigurePrograms"=1
    "NoRecentDocsNetHood"=1
    "MemCheckBoxInRunDlg"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
    "C:\Gamez\Dragon Age\bin_ship\daorigins.exe"="C:\Gamez\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
    "C:\Gamez\Dragon Age\DAOriginsLauncher.exe"="C:\Gamez\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
    "C:\Gamez\League of Legends\Riot Games\League of Legends\air\LolClient.exe"="C:\Gamez\League of Legends\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
    "C:\Gamez\League of Legends\Riot Games\League of Legends\game\League of Legends.exe"="C:\Gamez\League of Legends\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
    "C:\Gamez\Red Faction Guerrilla\rfg.exe"="C:\Gamez\Red Faction Guerrilla\rfg.exe:*:Enabled:Red Faction: Guerrilla"
    "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
    "C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe"="C:\Program Files\Steam\steamapps\common\the secret of monkey island special edition\MISE.exe:*:Enabled:The Secret of Monkey Island: Special Edition"
    "C:\Gamez\Mass Effect\Binaries\MassEffect.exe"="C:\Gamez\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
    "C:\Gamez\Mass Effect\MassEffectLauncher.exe"="C:\Gamez\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
    "C:\Gamez\Mass Effect 2\Binaries\MassEffect2.exe"="C:\Gamez\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Game"
    "C:\Gamez\Mass Effect 2\MassEffect2Launcher.exe"="C:\Gamez\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Launcher"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Gamez\BFBC2\BFBC2BetaUpdater.exe"="C:\Gamez\BFBC2\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA"
    "C:\Gamez\BioShock 2\SP\Builds\Binaries\Bioshock2.exe"="C:\Gamez\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2"
    "C:\Gamez\BioShock 2\MP\Builds\Binaries\Bioshock2.exe"="C:\Gamez\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer"
    "C:\Program Files\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe"="C:\Program Files\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe:*:Enabled:Shattered Horizon"
    "C:\Program Files\Steam\steamapps\common\company of heroes\help.htm"="C:\Program Files\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Steam\steamapps\common\men of war\outfront_mp.exe"="C:\Program Files\Steam\steamapps\common\men of war\outfront_mp.exe:*:Enabled:Main executable"
    "C:\Program Files\Steam\steamapps\common\men of war\mow.exe"="C:\Program Files\Steam\steamapps\common\men of war\mow.exe:*:Enabled:Men of War"
    "C:\Program Files\Steam\steamapps\common\men of war\mow_editor.exe"="C:\Program Files\Steam\steamapps\common\men of war\mow_editor.exe:*:Enabled:Men of War"
    "C:\Program Files\Steam\steamapps\preacherboy89\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\preacherboy89\counter-strike source\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\Steam\steamapps\economist89\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\economist89\team fortress 2\hl2.exe:*:Enabled:hl2"
    "C:\Gamez\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Gamez\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
    "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
    "C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
    "C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
    "C:\Gamez\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
    "C:\Gamez\Ubisoft\Assassin's Creed II\server.exe"="C:\Gamez\Ubisoft\Assassin's Creed II\server.exe:*:Enabled:server"
    "C:\Program Files\Steam\steamapps\common\mountblade warband\mb_warband.exe"="C:\Program Files\Steam\steamapps\common\mountblade warband\mb_warband.exe:*:Enabled:Mount and Blade: Warband"
    "C:\Gamez\Company of Heroes Online\CoHOSeeder.exe"="C:\Gamez\Company of Heroes Online\CoHOSeeder.exe:*:Enabled:Company of Heroes Online Seeder (THQ)"
    "C:\Gamez\Company of Heroes Online\Game\RelicCoHOWW.exe"="C:\Gamez\Company of Heroes Online\Game\RelicCoHOWW.exe:*:Enabled:Company of Heroes Online (THQ)"
    "C:\Gamez\StarCraft II\StarCraft II.exe"="C:\Gamez\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
    "C:\Gamez\StarCraft II\Versions\Base15405\SC2.exe"="C:\Gamez\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
    "C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II"
    "C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe"="C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes: Opposing Fronts"
    "C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
    "C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm"
    "C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    ======List of files/folders created in the last 1 months======

    2010-08-24 17:09:35 ----D---- C:\Documents and Settings\Owner\Application Data\U3
    2010-08-23 00:25:40 ----A---- C:\TDSSKiller.2.4.1.2_23.08.2010_00.25.40_log.txt
    2010-08-22 17:01:33 ----A---- C:\WINDOWS\system32\pbsvc[1].exe
    2010-08-21 21:09:04 ----D---- C:\Program Files\trend micro
    2010-08-21 21:09:03 ----D---- C:\rsit
    2010-08-14 00:40:29 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
    2010-08-14 00:40:29 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
    2010-08-14 00:40:28 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
    2010-08-14 00:40:28 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
    2010-08-14 00:40:28 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
    2010-08-14 00:40:27 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
    2010-08-14 00:40:27 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
    2010-08-14 00:40:27 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
    2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
    2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
    2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
    2010-08-14 00:40:26 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
    2010-08-12 15:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
    2010-08-12 15:37:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
    2010-08-12 15:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
    2010-08-12 15:36:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
    2010-08-12 15:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
    2010-08-12 15:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
    2010-08-12 15:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
    2010-08-11 23:06:47 ----D---- C:\Program Files\Spybot - Search & Destroy
    2010-08-11 23:06:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-11 21:03:24 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2010-08-11 21:03:19 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-08-11 21:03:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-08-11 21:03:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2010-08-11 21:03:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
    2010-08-11 19:51:08 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-08-11 18:19:11 ----A---- C:\TDSSKiller.2.4.1.1_11.08.2010_18.19.11_log.txt
    2010-08-11 18:16:03 ----D---- C:\Program Files\CCleaner
    2010-08-11 17:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
    2010-08-11 17:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
    2010-08-11 15:27:51 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
    2010-08-11 15:18:36 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2010-07-29 05:47:03 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
    2010-07-29 05:40:04 ----D---- C:\gyargh
    2010-07-29 05:33:46 ----D---- C:\Program Files\Microsoft.NET

    ======List of files/folders modified in the last 1 months======

    2010-08-24 17:49:29 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
    2010-08-24 17:12:16 ----D---- C:\WINDOWS\Prefetch
    2010-08-24 17:09:16 ----HD---- C:\WINDOWS\inf
    2010-08-24 17:09:14 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-08-24 13:06:45 ----D---- C:\Program Files\Steam
    2010-08-24 07:30:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-08-23 00:50:08 ----D---- C:\Program Files\Mozilla Firefox
    2010-08-23 00:33:02 ----D---- C:\WINDOWS\Temp
    2010-08-23 00:32:56 ----D---- C:\WINDOWS\system32\drivers
    2010-08-22 17:01:33 ----D---- C:\WINDOWS\system32
    2010-08-22 16:42:23 ----RD---- C:\Program Files
    2010-08-17 16:38:12 ----D---- C:\WINDOWS\Minidump
    2010-08-17 16:38:12 ----D---- C:\WINDOWS
    2010-08-15 14:52:14 ----D---- C:\WINDOWS\Microsoft.NET
    2010-08-15 13:24:01 ----D---- C:\WINDOWS\AppPatch
    2010-08-15 13:14:01 ----SHD---- C:\WINDOWS\Installer
    2010-08-14 18:36:47 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-08-14 00:40:45 ----D---- C:\Program Files\NVIDIA Corporation
    2010-08-14 00:40:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2010-08-14 00:40:06 ----RSD---- C:\WINDOWS\assembly
    2010-08-14 00:39:37 ----D---- C:\WINDOWS\system32\DirectX
    2010-08-13 02:17:04 ----SHD---- C:\System Volume Information
    2010-08-13 01:28:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2010-08-13 01:28:19 ----SD---- C:\WINDOWS\Tasks
    2010-08-12 15:37:13 ----D---- C:\WINDOWS\system32\dllcache
    2010-08-12 15:37:11 ----HD---- C:\WINDOWS\$hf_mig$
    2010-08-12 15:36:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-08-12 15:35:54 ----D---- C:\WINDOWS\WinSxS
    2010-08-12 15:33:51 ----D---- C:\Program Files\Internet Explorer
    2010-08-11 22:51:24 ----D---- C:\WINDOWS\Sun
    2010-08-11 18:19:48 ----D---- C:\WINDOWS\Debug
    2010-08-07 16:35:18 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
    2010-08-03 11:09:32 ----A---- C:\WINDOWS\system32\MRT.exe
    2010-08-02 19:59:05 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
    2010-08-01 11:15:42 ----D---- C:\Movies
    2010-07-29 06:07:18 ----D---- C:\Gamez
    2010-07-29 05:33:55 ----D---- C:\WINDOWS\system32\en-US
    2010-07-27 08:28:54 ----A---- C:\WINDOWS\system32\shell32.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-09-29 65024]
    R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-06-25 281760]
    R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-06-25 25888]
    R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-10-19 62848]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
    R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-16 6305120]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2009-10-19 9472]
    S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
    S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2004-09-09 68229]
    S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-10-19 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-10-19 82944]
    S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-10-19 133632]
    S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-22 691696]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-13 153376]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-16 163908]
    R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Gamez\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
    S3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-10-19 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-19 14848]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

    -----------------EOF-----------------


    #9 suebaby41

    suebaby41

      W.A.M. (Women Against Malware)


    • Malware Response Team
    • 6,248 posts
    • Gender:Female
    • Location:South Carolina, USA
    • Local time:12:18 AM

    Posted 27 August 2010 - 10:10 AM

    I have some bad news for you. Your computer is seriously infected.

    Unfortunately, one or more of the identified infections is Backdoor.Win32.Sinowal.knf, a rootkit/backdoor trojan.

    IMPORTANT NOTE: Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypass security mechanisms and steal sensitive information, which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide the new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

    If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    Although the rootkit has been identified and may be removed, your computer has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed, the computer is secure. In some instances, an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Some infections are difficult to remove completely because of their morphing characteristics, which allow the malware to regenerate itself. Sometimes there is another hidden piece of malware which has not been detected by your security tools that protects malicious files and registry keys (which have been detected) so they cannot be permanently deleted. The malware may leave so many remnants behind that security tools cannot find them. Most experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
    When should I re-format? How should I reinstall?
    Help: I Got Hacked. Now What Do I Do?
    Where to draw the line? When to recommend a format and reinstall?

    I strongly recommend that you reformat your computer. Even if we were able to clean the computer of some of the infections, your computer is not trustworthy and the removal of all affected files may not be successful.
    You don't stop laughing when you get old; you get old when you stop laughing.
    A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
    Malware Removal University Masters Graduate

    Join The Fight Against Malware
    No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
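The post above makes the point that a kernel rootkit hooks the APIs that user-mode tools rely on, so a log like the RSIT output earlier in this thread only shows what the tool was allowed to see. One practical consequence is that the driver entries RSIT could not stat (the ones printed with an empty `[]` and a `\??\` image path) are the first ones to verify from outside the running OS. The following script is an added example, not code from the thread or from RSIT: it parses the "List of drivers" section of an RSIT log and ranks entries that deserve a manual look. The sample lines in `SAMPLE_LOG` are copied from the log posted above; the scoring rules are this example's own heuristics, and the reading of an empty `[]` as "RSIT could not stat the file" is an assumption to confirm on disk, not something RSIT states.

```python
"""Triage the '======List of drivers======' section of an RSIT log.

Added example for this thread; not part of RSIT and not code posted by
anyone in the thread. SAMPLE_LOG is copied from the log above. The flag
rules are heuristics of this example only.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional

# One RSIT driver line looks like:
#   R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-09-29 65024]
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"       # R/S + start type 0-4
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"    # service name; display name;
    r"(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]$"    # image path [date size]
)
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed sample: a subset of the driver lines from the posted log, plus the
# next section header so the parser knows where the driver list ends.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-09-29 65024]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-22 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-16 163908]
"""


@dataclass
class Driver:
    state: str            # R = running, S = stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str             # as printed; may carry the \??\ NT prefix
    date: str             # "" when RSIT printed an empty []
    size: Optional[int]   # None when RSIT printed an empty []


def driver_section(log_text: str) -> Iterator[str]:
    """Yield the non-blank lines between the drivers header and the next ====== header."""
    inside = False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("======List of drivers"):
            inside = True
        elif inside and s.startswith("======"):
            return
        elif inside and s:
            yield s


def parse_driver_line(line: str) -> Optional[Driver]:
    """Parse one driver line; return None for lines that are not in RSIT's format."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    date, size = "", None
    stamp = m.group("stamp").split()
    if stamp:
        date = stamp[0]
        if len(stamp) > 1 and stamp[1].isdigit():
            size = int(stamp[1])
    return Driver(m.group("state"), int(m.group("start")), m.group("name").strip(),
                  m.group("display").strip(), m.group("path").strip(), date, size)


def parse_drivers(log_text: str) -> List[Driver]:
    return [d for d in map(parse_driver_line, driver_section(log_text)) if d]


def flag_driver(d: Driver) -> List[str]:
    """Return the reasons a driver deserves a manual check (empty list = nothing odd)."""
    reasons = []
    nt_prefix = d.path.startswith("\\??\\")
    win32_path = (d.path[4:] if nt_prefix else d.path).lower()
    if not d.date and d.size is None:
        # Assumption: an empty [] means RSIT could not stat the binary. Either the
        # tool did not resolve the \??\ form, or the file is missing or hidden from
        # the API view; only an offline (boot-from-other-media) look settles which.
        reasons.append("no date/size: RSIT could not stat the binary; verify on disk offline")
    if nt_prefix:
        reasons.append("ImagePath uses the \\??\\ NT form (full path set by an installer); legitimate tools do this too")
    if not win32_path.startswith(DRIVERS_DIR):
        reasons.append("binary lives outside system32\\drivers")
    if d.start <= 1:
        reasons.append(f"start type {d.start}: loads at boot/system time, before security tools")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, most reasons first; drivers with no findings are omitted."""
    found = {d.name: flag_driver(d) for d in parse_drivers(log_text)}
    return dict(sorted(((n, r) for n, r in found.items() if r), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

On the sample above the three `\??\` entries with an empty `[]` rank first, ahead of the boot-start drivers. None of these flags is a verdict: Lavasoft's helper driver and Gigabyte's `gdrv.sys` are legitimate, which is exactly why the post's advice to verify from a clean system, rather than trust any listing produced on the infected one, holds.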

    #10 suebaby41

    suebaby41

      W.A.M. (Women Against Malware)


    • Malware Response Team
    • 6,248 posts
    • Gender:Female
    • Location:South Carolina, USA
    • Local time:12:18 AM

    Posted 03 September 2010 - 07:30 AM

    This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

