MBAM scan results:
Malwarebytes' Anti-Malware 1.40
Database version: 2641
Windows 5.1.2600 Service Pack 2
17/08/2009 18:46:46
mbam-log-2009-08-17 (18-46-46).txt
Scan type: Full Scan (C:\|D:\|E:\|H:\|J:\|)
Objects scanned: 420432
Time elapsed: 1 hour(s), 9 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Marvin Kosh\Local Settings\Application Data\Mozilla\Firefox\Profiles\eotgj80h.default\Cache\E569C25Cd01 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Stardock\Object Desktop\SKS\wise_post.exe (Trojan.BHO) -> Not selected for removal.
C:\Program Files\Stardock\SmartException\wise_post.exe (Trojan.BHO) -> Not selected for removal.
H:\Games\GalCiv2\Twilight\ta_post.exe (Trojan.BHO) -> Not selected for removal.
J:\My Downloads\Suspicious Files\LogonStudio_public.exe (Trojan.BHO) -> Not selected for removal.
J:\My Downloads\Suspicious Files\gimp-2.6.1-i686-setup.exe (Rogue.Installer) -> Not selected for removal.
I opted to remove the first item because the previous two infections used Firefox's Local Settings folder. The other items are either part of the installations of legitimate programs, or can be removed and redownloaded cleanly later on, so I didn't do anything with them yet.
Results of screen317's Security Check version 0.98.8
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
avast! Antivirus
AVG 8.5
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Ad-Aware
Spybot - Search & Destroy 1.5.2.20
Spybot - Search & Destroy
Malwarebytes' Anti-Malware
ThreatFire
HijackThis 2.0.2
Microsoft VM for Java
Java(TM) 6 Update 12
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Reader 9.1.3
``````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check: GREAT! (Very random)
`````````End of Log```````````
N.B. Comodo Firewall is installed. avast! On-Access scanner and Ad-Watch Live are enabled. And I guess I must have an old version of Spybot kicking around but that's not the one I use.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Marvin Kosh at 2009-08-17 22:26:12
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (29%) free of 30 GB
Total RAM: 1023 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:04, on 17/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
D:\Applications\Mozilla Firefox\firefox.exe
J:\My Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Marvin Kosh.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Arucer] rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [WindowBlinds] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://*.bitedefender.co.uk
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O20 - AppInit_DLLs: wbsys.dll ,C:\DOCUME~1\MARVIN~1.OMN\LOCALS~1\Temp\35138mja.dll C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Fences - {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Program Files\Stardock\Fences\DesktopDock.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
--
End of file - 6957 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
C:\WINDOWS\tasks\Check e-mail.job
C:\WINDOWS\tasks\DefragC.job
C:\WINDOWS\tasks\DefragD.job
C:\WINDOWS\tasks\DefragE.job
C:\WINDOWS\tasks\DefragH.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
CoTGT_BHO Class - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-18 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-18 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"Arucer"=rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer []
"ScanSoft OmniPage SE 4.0-reminder"=C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe -r C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini []
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"WTClient"=C:\WINDOWS\system32\WTClient.exe [2007-04-11 40960]
"LogonStudio"=C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [2002-09-03 987187]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2009-06-19 259344]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-08-13 1793808]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-08-16 520024]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"=C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe [2007-05-22 521128]
"WindowBlinds"=C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe [2008-04-28 99752]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2009-04-02 203416]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-23 1948440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boinc]
C:\Program Files\BOINC\boincmgr.exe [2007-07-04 3846912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2008-06-27 19456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtxfiReg]
CTXFIREG.exe /FAIL1 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Email Notifier]
D:\Applications\NT Email Notifier\NTEmailNotifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartException]
C:\Program Files\Stardock\SmartException\SmartEx.exe [2006-11-14 87728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-18 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marvin Kosh.OMNILOTH^Start Menu^Programs^Startup^BOINC Manager.lnk]
C:\PROGRA~1\BOINC\boincmgr.exe [2007-07-04 3846912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marvin Kosh.OMNILOTH^Start Menu^Programs^Startup^ImpulseNow.lnk]
C:\PROGRA~1\Stardock\Impulse\Now\IMPULS~1.EXE [2009-07-29 365872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marvin Kosh.OMNILOTH^Start Menu^Programs^Startup^UltraMon.lnk]
C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\Microsoft\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico /auto []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3
"JavaQuickStarterService"=2
"Ati HotKey Poller"=2
"SQLWriter"=3
"MSSQL$SQLEXPRESS"=3
"avg8wd"=2
"avg8emc"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll ,C:\DOCUME~1\MARVIN~1.OMN\LOCALS~1\Temp\35138mja.dll C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [2009-02-10 204080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Fences - {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Program Files\Stardock\Fences\DesktopDock.dll [2009-03-18 521576]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceStartMenuLogOff"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"H:\Games\Neverwinter Nights 2\nwn2main.exe"="H:\Games\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"H:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe"="H:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"H:\Games\Neverwinter Nights 2\nwupdate.exe"="H:\Games\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"H:\Games\Neverwinter Nights 2\nwn2server.exe"="H:\Games\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"H:\Games\Battle for Middle-earth II\game.dat"="H:\Games\Battle for Middle-earth II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"J:\Games\NWN 2\nwn2main.exe"="J:\Games\NWN 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"J:\Games\NWN 2\nwn2main_amdxp.exe"="J:\Games\NWN 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"J:\Games\NWN 2\nwupdate.exe"="J:\Games\NWN 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"J:\Games\NWN 2\nwn2server.exe"="J:\Games\NWN 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"D:\Applications\Ventrilo\Ventrilo.exe"="D:\Applications\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{559954fe-a061-11dc-8e02-00000000a666}]
shell\AutoRun\command - I:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{559954ff-a061-11dc-8e02-00000000a666}]
shell\AutoRun\command - J:\Autorun.exe
======List of files/folders created in the last 1 months======
2009-08-17 22:26:12 ----D---- C:\rsit
2009-08-16 10:55:38 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-15 18:08:02 ----D---- C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\Malwarebytes
2009-08-15 18:07:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-08-15 18:06:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-15 17:05:55 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-14 12:13:43 ----D---- C:\Program Files\Lavasoft
2009-08-14 12:13:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2009-08-13 16:44:22 ----D---- C:\Program Files\Process Monitor
2009-08-13 11:48:32 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-08-13 11:48:32 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-13 11:48:22 ----D---- C:\Program Files\Alwil Software
2009-08-13 09:12:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2009-08-13 09:12:16 ----A---- C:\WINDOWS\system32\guard32.dll
2009-08-13 03:01:35 ----A---- C:\WINDOWS\cfplogvw.INI
2009-08-13 02:43:24 ----D---- C:\Program Files\ThreatFire
2009-08-13 02:32:56 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-08-13 02:32:42 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2009-08-13 02:00:47 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-12 23:02:23 ----D---- C:\Program Files\Trend Micro
2009-08-12 09:31:37 ----D---- C:\Program Files\DAEMON Tools Toolbar
======List of files/folders modified in the last 1 months======
2009-08-17 22:26:50 ----D---- C:\WINDOWS\Temp
2009-08-17 22:26:39 ----D---- C:\WINDOWS\Prefetch
2009-08-17 22:11:05 ----A---- C:\WINDOWS\LogonStudio.ini
2009-08-17 22:10:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-17 22:09:50 ----D---- C:\WINDOWS\system32\drivers
2009-08-17 18:56:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-17 14:57:13 ----SHD---- C:\System Volume Information
2009-08-16 23:16:15 ----RD---- C:\Program Files
2009-08-16 11:09:29 ----A---- C:\WINDOWS\WININIT.INI
2009-08-16 11:01:59 ----D---- C:\WINDOWS
2009-08-16 10:59:07 ----SD---- C:\WINDOWS\Tasks
2009-08-16 10:55:38 ----SHD---- C:\WINDOWS\Installer
2009-08-16 10:49:52 ----D---- C:\WINDOWS\system32
2009-08-15 17:06:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-15 17:05:54 ----HD---- C:\WINDOWS\inf
2009-08-14 19:05:02 ----D---- C:\Program Files\BOINC
2009-08-14 16:09:25 ----SH---- C:\boot.ini
2009-08-14 16:09:25 ----A---- C:\WINDOWS\win.ini
2009-08-14 16:09:25 ----A---- C:\WINDOWS\system.ini
2009-08-14 15:34:22 ----D---- C:\WINDOWS\security
2009-08-14 12:18:44 ----SHD---- C:\WINDOWS\CSC
2009-08-14 12:17:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-14 12:15:34 ----HD---- C:\$AVG8.VAULT$
2009-08-13 22:11:05 ----D---- C:\Documents and Settings
2009-08-13 16:26:32 ----D---- C:\WINDOWS\system32\config
2009-08-13 09:12:09 ----D---- C:\Program Files\COMODO
2009-08-13 02:49:13 ----D---- C:\Program Files\Common Files
2009-08-13 02:00:48 ----D---- C:\WINDOWS\Debug
2009-08-13 00:19:27 ----D---- C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\Comodo
2009-08-12 22:19:20 ----D---- C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\DAEMON Tools Lite
2009-08-12 09:31:37 ----D---- C:\Program Files\DAEMON Tools Lite
2009-08-11 23:27:59 ----A---- C:\moduleName.txt
2009-08-09 08:08:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-08 09:28:28 ----RSD---- C:\WINDOWS\assembly
2009-08-03 07:04:41 ----D---- C:\Program Files\Winamp
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-18 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-23 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-07 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-08-13 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-08-13 25160]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-07-07 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-07-07 532376]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 ctgame;Game Port; C:\WINDOWS\system32\DRIVERS\ctgame.sys [2008-07-07 18840]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-07-07 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-07-07 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-07-07 92696]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2008-07-07 797720]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2008-07-07 162840]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-07-07 127512]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 XBCD;XBCD Kernel Module; C:\WINDOWS\System32\Drivers\xbcd.sys [2005-05-13 19212]
S3 acejz7h9;acejz7h9; C:\WINDOWS\system32\drivers\acejz7h9.sys []
S3 aei052mi;aei052mi; C:\WINDOWS\system32\drivers\aei052mi.sys []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-07-07 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys []
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2007-04-23 18432]
S3 UCharger;Usb Charger Driver; C:\WINDOWS\System32\Drivers\UCharger.sys [2007-05-15 13765]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2007-05-31 12800]
S3 UKS11LDR;M-Audio USB Keystation Loader; C:\WINDOWS\system32\drivers\uks11ldr.sys [2008-09-20 13504]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBKT1X1;M-Audio USB Keystation; C:\WINDOWS\system32\drivers\usbkt1x1.sys [2008-09-20 22304]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-08-13 707152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-16 1029456]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2009-06-19 70928]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2007-05-31 53248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632]
S4 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-18 907032]
S4 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-23 298776]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-18 152984]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; D:\Applications\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-08-17 22:27:08
======Uninstall list======
-->"D:\APPLICATIONS\ViaVoice\Bin\vunUK.exe" ProdRunDictate Dc En_UK 'IBM ViaVoice™ Dictation Runtime' C:\WINDOWS\IsUninst.exe -fD:\APPLICATIONS\ViaVoice\RtDict_UK.isu
-->"D:\APPLICATIONS\ViaVoice\Bin\vunUK.exe" ProdRunDictate Dc En_UK 'IBM ViaVoice™ Dictation Runtime' C:\WINDOWS\IsUninst.exe -fD:\APPLICATIONS\ViaVoice\RtDict_UK.isu
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fD:\APPLICATIONS\ViaVoice\tts\vvol50En_UK.isu -c"D:\APPLICATIONS\ViaVoice\tts\\vo50u_UK.dll"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Product/Adobe Studio Update 10/2001-->"C:\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}\setup.exe"
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Anvil Studio-->C:\WINDOWS\system32\AsUninst.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AutoHotkey 1.0.47.06-->C:\Program Files\AutoHotkey\uninst.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BOINC-->MsiExec.exe /I{14DD76C8-F13A-4565-B607-5516E8A9ABFE}
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 User Registration-->C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CEP (Color Enable Package) v.9.0 (beta)-->"D:\Games\zCEP_Uninstaller\unins000.exe"
Colossus Addon Mod 1.0-->E:\Marvin's Documents\SimCity 4\Plugins\a_CAM\uninst.exe
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Dan Elwell's Broadband Speed Test-->"C:\Program Files\Dan Elwell's Broadband Speed Test\unins000.exe"
D-Fend Reloaded 0.7.0 (deinstall)-->"C:\Program Files\D-Fend Reloaded\Uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Energizer UsbCharger v1.0.0-->"C:\Program Files\Energizer UsbCharger\unins000.exe"
FaxTools eXPert-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}\setup.exe" -l0x9
Fences (Free)-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall fences
Fences-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{E94FD7CC-6945-4744-99C3-9BFF40AA2F24}\Fences.exe" REMOVE=TRUE MODIFY=FALSE
Fences-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{E94FD7CC-6945-4744-99C3-9BFF40AA2F24}\Fences.exe
GalCiv II - Twilight of the Arnor-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall gta
Gimp 2.6.1-->"C:\Program Files\GIMP-2.2\setup\unins000.exe"
GTK+ 2.6.4 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB909095)-->"C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
IBM ViaVoice Standard 10.0 - UK English-->"D:\APPLICATIONS\ViaVoice\Bin\uninst_UK.exe" DeleteProdVVFW100Basic_UK
Impulse-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{7EDBFAEE-C619-4CE4-BE01-EDEA39CA0347}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{7EDBFAEE-C619-4CE4-BE01-EDEA39CA0347}\Impulse_setup.exe
InfoManager-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\InfoManager\ST6UNST.LOG"
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
LogonStudio-->C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Lola-->MsiExec.exe /I{282E68BD-3D37-443A-A891-299CF4ED6F0C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU-->D:\Applications\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Visual Studio 6.0 Enterprise Edition-->"C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft VM for Java-->RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Miles Sound Tools-->C:\PROGRA~1\MILESS~1\UNWISE.EXE C:\PROGRA~1\MILESS~1\INSTALL.LOG
Miranda IM 0.7.17-->C:\Program Files\Miranda IM\Uninstall.exe
MoRUN.net Sticker-->MsiExec.exe /X{620797B0-A022-4B57-A95E-CD7DD0325010}
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.5.2)-->D:\Applications\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.22)-->D:\Applications\Thunderbird\uninstall\helper.exe
MP3toBMU 0.35-->C:\Program Files\MP3toBMU\uninst.exe
MSDN Library for Visual Studio 2005-->msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
MSDN Library for Visual Studio 2005-->MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe
MyColors Diamond Desktop-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall diamond
Network Addon Mod Version April 2008-->E:\Marvin's Documents\SimCity 4\Plugins\Network Addon Mod\uninst.exe
Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\NVUninst.exe UninstallGUI
NVIDIA nForce Drivers-->C:\WINDOWS\system32\nvuninst.exe Uninstall C:\WINDOWS\system32\NVU001.nvu,NVIDIA nForce Drivers
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RAD Video Tools-->"D:\Applications\RADVideo\uninstall.exe"
Ray Adams ATI Tray Tools-->"C:\Program Files\Ray Adams\ATI Tray Tools\uninstall.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SimCity 4 Deluxe-->H:\Games\SimCity 4 Deluxe\EAUninstall.exe
SimPE 0.72 (alpha)-->"C:\Program Files\SimPE\unins001.exe"
SkinStudio 6 Professional-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall sks
SmartFTP Client 3.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
Sony Sound Forge 7.0-->MsiExec.exe /I{6B629F70-BE1D-456E-AA97-73619020E7A1}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Stardock Central-->C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
Stardock MyColors-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{CED4439A-2AAC-4B94-8453-4969CC2D31F9}\MyColors.exe" REMOVE=TRUE MODIFY=FALSE
Stardock MyColors-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{CED4439A-2AAC-4B94-8453-4969CC2D31F9}\MyColors.exe
Starfleet Command III Patcher-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Taldren\Starfleet Command III Patcher\Patcher.isu"
Starfleet Command Orion Pirates-->C:\WINDOWS\IsUninst.exe -f"D:\Games\Starfleet Command Orion Pirates\Uninst.isu"
StyleXP (remove only)-->"C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
SwapMouseButtons version 2.3-->"C:\Program Files\SwapMouseButtons\unins000.exe"
The Battle for Middle-earth (tm) II-->H:\Games\Battle for Middle-earth II\EAUninstall.exe
The Lord of the Rings Online™: Shadows of Angmar™ v01.05.00.811-->"D:\Games\Lord of the Rings Online\unins000.exe"
The Lord of the Rings, The Rise of the Witch-king-->H:\Games\The Lord of the Rings, The Rise of the Witch King\EAUninstall.exe
The Sims 2 Nightlife-->D:\Games\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->D:\Games\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->D:\Games\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->D:\Games\The Sims 2 University\EAUninstall.exe
The Sims 2-->D:\Games\The Sims 2\EAUninstall.exe
The Sims™ 2 Apartment Life-->D:\Games\The Sims 2 Apartment Life\EAUninstall.exe
The Sims™ 2 Bon Voyage-->D:\Games\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 FreeTime-->D:\Games\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 Seasons-->D:\Games\The Sims 2 Seasons\EAUninstall.exe
ThreatFire-->"C:\Program Files\ThreatFire\unins000.exe"
Turnpike Six-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{312B0A22-CF24-11D3-AB8B-00C04FCF5090}\Setup.exe" -l0x9 TurnpikeAddRemove
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
USB Keyboard Device 1.0.1.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\M-Audio USB Keyboard Device\irunin.ini"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp Essentials Pack-->C:\Program Files\Winamp\UninstallWinampEssentials.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WindowBlinds 6-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall wb6
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordWeb-->D:\Applications\WordWeb\uninst.exe
XBCD 1.07-->C:\Program Files\XBCD\uninst.exe
Zip Motion Block Video codec (Remove Only)-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\ZMBV.INF
=====HijackThis Backups=====
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll [2009-08-12]
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll [2009-08-12]
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll [2009-08-12]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2009-08-12]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2009-08-12]
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll [2009-08-15]
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AVG Anti-Virus Free (disabled)
AV: Lavasoft Ad-Watch Live! Anti-Virus
AV: avast! antivirus 4.8.1335 [VPS 090817-0]
FW: COMODO Firewall
======System event log======
Computer Name: OMNILOTH
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00000000A666. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 11951
Source Name: Dhcp
Time Written: 20090419132544.000000+060
Event Type: warning
User:
Computer Name: OMNILOTH
Event Code: 7034
Message: The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
Record Number: 11945
Source Name: Service Control Manager
Time Written: 20090419132456.000000+060
Event Type: error
User:
Computer Name: OMNILOTH
Event Code: 7034
Message: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
Record Number: 11930
Source Name: Service Control Manager
Time Written: 20090419125054.000000+060
Event Type: error
User:
Computer Name: OMNILOTH
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00000000A666. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 11925
Source Name: Dhcp
Time Written: 20090419111404.000000+060
Event Type: warning
User:
Computer Name: OMNILOTH
Event Code: 1002
Message: The IP address lease 10.0.0.123 for the Network Card with network address 00000000A666 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Record Number: 11923
Source Name: Dhcp
Time Written: 20090418164808.000000+060
Event Type: error
User:
=====Application event log=====
Computer Name: OMNILOTH
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.NetEnterpriseServers.ExceptionMessageBox, Version=9.0.242.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91
Record Number: 1114
Source Name: .NET Runtime Optimization Service
Time Written: 20080201140146.000000+000
Event Type:
User:
Computer Name: OMNILOTH
Event Code: 40
Message: WMI ADAP was unable to create the object Win32_PerfFormattedData_MSSQLSQLEXPRESS_MSSQLSQLEXPRESSBufferManager for Performance Library MSSQL$SQLEXPRESS because error 0x80041002 was returned
Record Number: 1112
Source Name: WinMgmt
Time Written: 20080201140013.000000+000
Event Type: warning
User:
Computer Name: OMNILOTH
Event Code: 40
Message: WMI ADAP was unable to create the object Win32_PerfFormattedData_MSSQLSQLEXPRESS_MSSQLSQLEXPRESSBufferManager for Performance Library MSSQL$SQLEXPRESS because error 0x80041002 was returned
Record Number: 1111
Source Name: WinMgmt
Time Written: 20080201140013.000000+000
Event Type: warning
User:
Computer Name: OMNILOTH
Event Code: 5603
Message: A provider, SQLServerEventProvider, has been registered in the WMI namespace, root\Microsoft\SqlServer\ServerEvents\SQLEXPRESS, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
Record Number: 803
Source Name: WinMgmt
Time Written: 20080201135714.000000+000
Event Type: warning
User: OMNILOTH\Marvin Kosh
Computer Name: OMNILOTH
Event Code: 5603
Message: A provider, SQLServerEventProvider, has been registered in the WMI namespace, root\Microsoft\SqlServer\ServerEvents\SQLEXPRESS, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
Record Number: 802
Source Name: WinMgmt
Time Written: 20080201135714.000000+000
Event Type: warning
User: OMNILOTH\Marvin Kosh
======Environment variables======
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0a00
"PYTHON"=C:\Program Files\Python26\python.exe
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VS80COMNTOOLS"=D:\Applications\Microsoft Visual Studio 8\Common7\Tools\
"windir"=%SystemRoot%
-----------------EOF-----------------
Current condition:
As I've mentioned, I have taken some measures to avoid further infection from my browser. I've also increased the amount of prompting that Comodo gives me when untrusted processes are accessing files, folders, and the internet. I also get prompting from Ad-Watch Live if the registry is being modified.
I've also loaded up Process Monitor to see if my processes have been doing any strange stuff. Firefox was writing to a temporary file (fla16.tmp) a lot before the first infection was found and quarantined. It's not doing that anymore.
Apart from the result from MBAM (above) I haven't run into any more malicious files.