Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virus is Back


Re: Virus is Back

Post by Wingman » December 9th, 2009, 1:40 pm

Hello tantraka,
Thanks for the scan results. The Virus Total scan was clean, so that file is not a problem. I want you to run the RSIT process again.

Please DO NOT turn off your computer or reboot it after running the RSIT step.
This is because some malware alters its file names each time the computer is started, to prevent removal.

Please do not make any changes to your system, run any "fix" programs and/or remove any files unless instructed to do so by me.
Please read these instructions carefully before executing, and then perform the steps in the order given. If you have any questions or problems executing these instructions, <<STOP>> do not proceed; post back with the question or problem.

Step 1.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
    RSIT will start running. When done, ONLY the "C:\RSIT\log.txt" will be reproduced.
  3. Please post ONLY the "log.txt", file contents in your next reply.

Remember... do not shut off or restart your computer from this point on, unless I request it.

Step 2.
Please include in your next reply:
  1. RSIT log.txt file contents.
Thanks,
Wingman
Wingman
Admin/Teacher
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Virus is Back

Post by Tantraka » December 9th, 2009, 5:27 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-12-09 15:26:15
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 44 GB (15%) free of 295 GB
Total RAM: 2021 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:19 PM, on 12/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Users\Owner\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... P&M=GM5420
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... P&M=GM5420
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... P&M=GM5420
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\Windows\TEMP\E_S7017.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [EPSON NX410 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\Windows\TEMP\E_S9088.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [kawasoyuf] Rundll32.exe "c:\progra~2\witeyaza\witeyaza.dll",a
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1553491668-2783746715-2578131821-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: lxbf_device - - C:\Windows\system32\lxbfcoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8888 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\mvlsywqj.job
C:\Windows\tasks\oslayclj.job
C:\Windows\tasks\rofybozc.job
C:\Windows\tasks\User_Feed_Synchronization-{93C58487-1B04-4A3C-B209-304F778C35D1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-08-09 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\google\BAE.dll [2006-02-01 94208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-11-18 182744]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-09-26 423424]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]
"NapsterShell"=C:\Program Files\Napster\napster.exe /systray []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-12-12 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-12-12 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-12-12 81920]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-02 303104]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-10 86960]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-10 218032]
"EPSON NX410 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE [2008-10-01 199680]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-10-05 2075384]
"EPSON NX410 Series (Copy 1)"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE [2008-10-01 199680]
"kawasoyuf"=c:\progra~2\witeyaza\witeyaza.dll [2009-09-07 92160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-12-12 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - L:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
shell\AutoRun\command - M:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
shell\AutoRun\command - N:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8272-b0e5-11de-b663-0019d1113830}]
shell\AutoRun\command - P:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8274-b0e5-11de-b663-0019d1113830}]
shell\AutoRun\command - Q:\Menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8276-b0e5-11de-b663-0019d1113830}]
shell\AutoRun\command - R:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8278-b0e5-11de-b663-0019d1113830}]
shell\AutoRun\command - S:\Setup.exe


======List of files/folders created in the last 1 months======

2009-12-07 00:29:26 ----D---- C:\ProgramData\wotaheka
2009-12-07 00:29:26 ----D---- C:\ProgramData\witeyaza
2009-12-06 12:29:11 ----D---- C:\ProgramData\legidonu
2009-12-06 12:29:11 ----D---- C:\ProgramData\fidetiga
2009-12-05 21:39:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-05 21:10:23 ----D---- C:\Windows\ERDNT
2009-12-05 21:08:50 ----D---- C:\Program Files\ERUNT
2009-12-05 21:02:44 ----D---- C:\ProgramData\luhuwuji
2009-12-05 21:02:44 ----D---- C:\ProgramData\huvajolu
2009-12-05 08:56:04 ----D---- C:\ProgramData\tutatezu
2009-12-05 08:56:04 ----D---- C:\ProgramData\merisemo
2009-12-04 17:49:13 ----D---- C:\ProgramData\hazafupe
2009-12-04 17:49:13 ----D---- C:\ProgramData\bejanapo
2009-12-03 17:52:39 ----D---- C:\ProgramData\talogevi
2009-12-03 17:52:39 ----D---- C:\ProgramData\lekefoji
2009-12-02 17:55:11 ----D---- C:\ProgramData\bonigezi
2009-12-02 17:55:10 ----D---- C:\ProgramData\yavawoji
2009-12-01 17:22:00 ----D---- C:\ProgramData\raditile
2009-11-27 12:07:36 ----D---- C:\Program Files\PokerStars.NET
2009-11-26 18:11:10 ----D---- C:\Program Files\kill.switch
2009-11-26 18:09:46 ----D---- C:\ProgramData\wemafuni
2009-11-25 09:48:47 ----A---- C:\Windows\system32\tzres.dll
2009-11-24 17:46:11 ----A---- C:\Windows\system32\msxml6.dll
2009-11-24 17:46:10 ----A---- C:\Windows\system32\msxml3.dll
2009-11-15 20:49:12 ----D---- C:\Users\Owner\AppData\Roaming\Leadertech
2009-11-15 20:27:01 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-11-15 20:26:59 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-11-15 20:26:56 ----A---- C:\Windows\system32\xinput1_3.dll
2009-11-15 20:26:56 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-11-15 20:26:55 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-11-15 20:26:53 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-11-15 20:26:52 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-11-15 20:26:29 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-11-15 20:26:26 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-11-15 20:26:25 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-11-15 20:26:24 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-11-15 20:26:23 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-11-15 20:26:22 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-11-15 20:26:20 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-11-11 18:03:19 ----D---- C:\b14cae4524a2c91c9480
2009-11-10 21:58:55 ----A---- C:\Windows\system32\WSDApi.dll

======List of files/folders modified in the last 1 months======

2009-12-09 15:26:19 ----D---- C:\Windows\Temp
2009-12-09 15:23:55 ----D---- C:\Windows\Tasks
2009-12-08 21:22:36 ----D---- C:\Windows\Prefetch
2009-12-08 17:29:20 ----D---- C:\Windows\System32
2009-12-08 17:29:20 ----D---- C:\Windows\inf
2009-12-08 17:29:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-08 16:25:12 ----D---- C:\ProgramData\Google Updater
2009-12-07 15:38:52 ----SHD---- C:\System Volume Information
2009-12-07 00:29:26 ----HD---- C:\ProgramData
2009-12-05 21:39:48 ----D---- C:\Windows\system32\drivers
2009-12-05 21:39:46 ----RD---- C:\Program Files
2009-12-05 21:38:49 ----D---- C:\Program Files\Mozilla Firefox
2009-12-05 21:36:38 ----D---- C:\WINDOWS
2009-12-05 21:05:19 ----D---- C:\rsit
2009-12-05 11:59:41 ----D---- C:\Windows\system32\catroot2
2009-12-03 18:16:04 ----D---- C:\Windows\Minidump
2009-12-03 18:06:12 ----A---- C:\Windows\system32\pbsvc.exe
2009-12-03 17:57:33 ----D---- C:\Program Files\Orbitdownloader
2009-12-03 17:57:32 ----D---- C:\Users\Owner\AppData\Roaming\Orbit
2009-12-03 17:57:11 ----D---- C:\Program Files\GamersFirst
2009-11-29 14:29:12 ----D---- C:\Users\Owner\AppData\Roaming\LimeWire
2009-11-26 20:24:17 ----D---- C:\Program Files\Common Files\Steam
2009-11-26 18:09:55 ----SHD---- C:\Windows\Installer
2009-11-26 18:09:55 ----SHD---- C:\Config.Msi
2009-11-26 18:09:55 ----D---- C:\Program Files\SystemRequirementsLab
2009-11-26 18:09:49 ----D---- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
2009-11-26 15:14:36 ----D---- C:\Users\Owner\AppData\Roaming\DNA
2009-11-26 13:28:57 ----D---- C:\Downloads
2009-11-26 13:02:47 ----D---- C:\Program Files\DNA
2009-11-26 12:59:28 ----D---- C:\Program Files\Steam
2009-11-25 15:37:23 ----D---- C:\Windows\rescache
2009-11-25 13:12:10 ----D---- C:\Windows\system32\en-US
2009-11-25 11:28:26 ----D---- C:\AeriaGames
2009-11-25 09:49:47 ----D---- C:\Windows\winsxs
2009-11-25 09:49:27 ----D---- C:\Windows\system32\catroot
2009-11-15 22:53:33 ----D---- C:\Users\Owner\AppData\Roaming\uTorrent
2009-11-15 20:27:03 ----D---- C:\Program Files\EA SPORTS
2009-11-15 20:26:52 ----RSD---- C:\Windows\assembly
2009-11-14 07:36:09 ----D---- C:\ProgramData\Microsoft Help
2009-11-14 07:34:13 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-14 07:33:40 ----D---- C:\Program Files\Microsoft Works
2009-11-14 07:30:24 ----A---- C:\Windows\win.ini
2009-11-14 07:30:21 ----D---- C:\Program Files\Common Files\System
2009-11-11 18:08:27 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-29 8704]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-16 214912]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2006-10-30 44416]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2007-06-20 267264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608]
R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2008-08-09 5504]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-02 812032]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC); C:\Windows\system32\DRIVERS\xcbda.sys [2006-11-17 147328]
S3 2WIREPCP;2Wire USB; C:\Windows\system32\DRIVERS\2WirePCP.sys [2003-04-17 68672]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\User [2008-08-09 2]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HookProtect;HookProtect; \??\C:\STEPS\element\HookProtect.sys [2009-04-12 215552]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys []
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-18 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S3 XDva214;XDva214; \??\C:\Windows\system32\XDva214.sys []
S3 XDva262;XDva262; \??\C:\Windows\system32\XDva262.sys []
S3 XDva288;XDva288; \??\C:\Windows\system32\XDva288.sys []
S3 XDva294;XDva294; \??\C:\Windows\system32\XDva294.sys []
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [2009-02-26 1547264]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880]
R2 lxbf_device;lxbf_device; C:\Windows\system32\lxbfcoms.exe [2007-04-24 537520]
R2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-06-29 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S2 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-26 320760]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-02-16 2736890]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
Tantraka
Regular Member
Posts: 25
Joined: January 3rd, 2009, 11:53 pm
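The log above shows the pattern the fix in this thread goes after: a Run entry that launches rundll32 with a DLL from a random-named ProgramData folder, random-named .job files in the tasks folder, pairs of random-named ProgramData folders created in the same second on successive days (the "renames itself on every start" behaviour Wingman warns about), and mountpoints2 AutoRun commands. The triage script below is an added example, not part of the thread or of RSIT/HijackThis; it runs over a constructed excerpt modelled on the posted log, and the "random name" heuristic (8 to 9 lowercase letters, nothing else) is an assumption for this malware family, not a general rule.

```python
"""Triage an RSIT / HijackThis log for the random-name persistence pattern
seen in this thread. Heuristics only: the output is a review list for an
analyst, not a removal list."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the log posted in the thread (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [kawasoyuf] Rundll32.exe "c:\progra~2\witeyaza\witeyaza.dll",a
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\mvlsywqj.job
C:\Windows\tasks\oslayclj.job
C:\Windows\tasks\User_Feed_Synchronization-{93C58487-1B04-4A3C-B209-304F778C35D1}.job
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - L:\RunGame.exe
======List of files/folders created in the last 1 months======
2009-12-07 00:29:26 ----D---- C:\ProgramData\wotaheka
2009-12-07 00:29:26 ----D---- C:\ProgramData\witeyaza
2009-12-06 12:29:11 ----D---- C:\ProgramData\legidonu
2009-12-06 12:29:11 ----D---- C:\ProgramData\fidetiga
2009-12-05 21:39:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-26 18:09:46 ----D---- C:\ProgramData\wemafuni
"""

# Assumed heuristic for this family's generated names: 8-9 lowercase letters only.
RANDOM_NAME = re.compile(r"^[a-z]{8,9}$")
# HijackThis O4 line: hive, value name in [], then the command.
RUN_RE = re.compile(r"^O4 - (HK\S*?)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
TASK_RE = re.compile(r"^C:\\Windows\\tasks\\(.+)\.job$", re.IGNORECASE)
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ----D---- C:\\ProgramData\\([^\\]+)$")


def looks_random(name):
    """True for names like 'witeyaza' or 'mvlsywqj'; False for 'VeohPlugin', 'avast!'."""
    return bool(RANDOM_NAME.fullmatch(name))


def triage(log_text):
    """Return a dict of review findings extracted from an RSIT-style log."""
    findings = {"run_entries": [], "tasks": [], "programdata_dirs": [],
                "autorun": [], "regeneration_batches": []}
    by_time = defaultdict(list)   # creation timestamp -> random-named folders
    last_key = None               # most recent [HKEY_...] header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            last_key = line.strip("[]")
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            low = cmd.lower()
            # rundll32 loading a DLL out of ProgramData (progra~2 is its 8.3 alias).
            dll_from_programdata = "rundll32" in low and (
                "progra~2" in low or "\\programdata\\" in low)
            if looks_random(name) or dll_from_programdata:
                findings["run_entries"].append((hive, name, cmd))
            continue
        m = TASK_RE.match(line)
        if m and looks_random(m.group(1)):
            findings["tasks"].append(line)
            continue
        m = CREATED_RE.match(line)
        if m and looks_random(m.group(2)):
            findings["programdata_dirs"].append(m.group(2))
            by_time[m.group(1)].append(m.group(2))
            continue
        if line.lower().startswith("shell\\autorun\\command - ") and last_key:
            drive = last_key.rsplit("\\", 1)[-1]
            findings["autorun"].append((drive, line.split(" - ", 1)[1]))
    # Several random-named folders stamped in the same second, on day after day,
    # is the regenerate-on-reboot behaviour that makes a fresh log necessary.
    findings["regeneration_batches"] = [
        (ts, names) for ts, names in sorted(by_time.items(), reverse=True)
        if len(names) > 1]
    return findings


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```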

Re: Virus is Back

Post by Wingman » December 9th, 2009, 8:10 pm

Hello Tantraka,
Let me know if, for any reason, you had to reboot your machine after running the RSIT scan. If not, no need to say anything.

Please do not make any changes to your system, run any "fix" programs and/or remove any files unless instructed to do so by me.
Please read these instructions carefully before executing, and then perform the steps in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed; post back with the question or problem.

Please print these instructions. You will be rebooting your machine.

Step 1.
ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
    VISTA users must right-click on ERUNT from the menu, select "Run As Administrator", to run the process.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
OTM
  1. Please download OTM.exe...by Old Timer. Save it to your desktop.
  2. Right click on OTM.exe and select Run As Administrator to run it. If Windows UAC prompts, please allow it.
  3. Please copy and paste the text in the Code box below, into OTM (1).
    Please refer to the OTM screen image below, for reference.
    Warning: Do not type it out... errors could damage your machine.
    Code:
    :Processes
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "kawasoyuf"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8272-b0e5-11de-b663-0019d1113830}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8274-b0e5-11de-b663-0019d1113830}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8276-b0e5-11de-b663-0019d1113830}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8278-b0e5-11de-b663-0019d1113830}]
    
    :Files
    C:\Windows\tasks\mvlsywqj.job
    C:\Windows\tasks\oslayclj.job
    C:\Windows\tasks\rofybozc.job
    C:\Windows\system32\pbsvc.exe
    C:\ProgramData\wotaheka
    C:\ProgramData\witeyaza
    C:\ProgramData\legidonu
    C:\ProgramData\fidetiga
    C:\ProgramData\luhuwuji
    C:\ProgramData\huvajolu
    C:\ProgramData\tutatezu
    C:\ProgramData\merisemo
    C:\ProgramData\hazafupe
    C:\ProgramData\bejanapo
    C:\ProgramData\talogevi
    C:\ProgramData\lekefoji
    C:\ProgramData\bonigezi
    C:\ProgramData\yavawoji
    C:\ProgramData\raditile
    C:\ProgramData\wemafuni
    C:\Program Files\Orbitdownloader
    C:\Users\Owner\AppData\Roaming\Orbit
    C:\Program Files\GamersFirst
    C:\Users\Owner\AppData\Roaming\LimeWire
    C:\Users\Owner\AppData\Roaming\DNA
    C:\Program Files\DNA
    C:\Users\Owner\AppData\Roaming\uTorrent
    
    :Commands
    [EmptyTemp]
    [Start Explorer]
    [Reboot]
    


    Please refer to this image to use OTM.


  4. Click on MoveIt! (2)
  5. The end results of the processing will be in 2 places:
    • The Results window on the right side of the OTM screen.
    • A log (text) file created in "C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log"
  6. Copy all the text from the Results window... Open Notepad, paste the OTM results into the Notepad file, save it on your desktop.
  7. Click Exit (3) when done.
  8. Please paste the entire content from the OTM (Results) window (Notepad file) or the OTM log file, in your next reply.
NOTE: If your computer did not automatically reboot... please reboot it (normally) now!

Step 3.
ESET NOD32 Online Scan
Note: You - will - need to use Internet Explorer for this scan!
Vista users: You will need to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
AVAST
  • Right click on the avast! icon in the system tray.
  • Choose (Stop On-Access Protection)

Please go to ESET Online Scanner... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are; if not set, please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.

Remember to enable your Anti-virus protection... before continuing!

Step 4.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.
  1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  2. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... ONLY the "C:\RSIT\log.txt" will be reproduced (the window will be maximized).
  3. Please post ONLY the "log.txt", file contents in your next reply.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTM scan results.
  3. ESET scan results
  4. New RSIT log.txt file contents.
  5. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
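Before pasting a fix script like the one in Step 2 into OTM, a helper may want to see exactly what it will touch. The following Python dry-run parser is an added example written for this page; it is not code from the forum, from OTM or from OldTimer. The section and line conventions it assumes (`:Reg`, `[-KEY]`, `"name"=-`, `:Files`, `:Commands`) are read off the posted script, and the names `parse_otm`, `Plan`, `review` and the system-directory heuristic are this example's own.

```python
"""Dry-run reviewer for an OTM fix script (added example, not OTM's own code).

Format assumptions, taken from the script posted in the thread:
  ':Section'  starts a section (Processes, Reg, Files, Commands)
  '[KEY]'     under :Reg selects a key; a following '"name"=-' deletes that value
  '[-KEY]'    under :Reg deletes the whole key
  path        under :Files is a file or folder OTM moves to its quarantine
  '[Action]'  under :Commands is a built-in action (EmptyTemp, Reboot, ...)
The risk heuristics below are this example's own, not OTM behaviour.
"""
from dataclasses import dataclass, field

# Excerpt of the fix script posted in the thread, used here as constructed sample input.
OTM_SCRIPT = r"""
:Processes

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kawasoyuf"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8272-b0e5-11de-b663-0019d1113830}]

:Files
C:\Windows\tasks\mvlsywqj.job
C:\Windows\tasks\oslayclj.job
C:\Windows\system32\pbsvc.exe
C:\ProgramData\wotaheka
C:\ProgramData\witeyaza
C:\Program Files\Orbitdownloader
C:\Users\Owner\AppData\Roaming\uTorrent

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]
"""

KNOWN_HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
               "HKEY_CLASSES_ROOT", "HKLM", "HKCU", "HKU", "HKCR"}
# Anything under these prefixes is an OS location: a typo there can break Windows.
SYSTEM_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class Plan:
    """Everything the script would do, collected without touching the system."""
    kill_processes: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)   # (key, value_name)
    delete_keys: list = field(default_factory=list)
    move_paths: list = field(default_factory=list)
    commands: list = field(default_factory=list)
    unparsed: list = field(default_factory=list)        # (section, line) to review by hand


def parse_otm(script: str) -> Plan:
    """Walk the script line by line and record each intended action."""
    plan = Plan()
    section = None
    current_key = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                 # section header, e.g. ':Files'
            section = line[1:].lower()
            current_key = None
            continue
        if section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                plan.delete_keys.append(line[2:-1])
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            elif current_key and line.startswith('"') and line.endswith('"=-'):
                plan.delete_values.append((current_key, line[1:-3]))
            else:
                plan.unparsed.append((section, line))
        elif section == "files":
            plan.move_paths.append(line)
        elif section == "processes":
            plan.kill_processes.append(line)
        elif section == "commands" and line.startswith("[") and line.endswith("]"):
            plan.commands.append(line[1:-1])
        else:
            plan.unparsed.append((section, line))
    return plan


def review(plan: Plan) -> list:
    """Return warnings a helper should double-check before clicking MoveIt!."""
    warnings = []
    for key in plan.delete_keys + [k for k, _ in plan.delete_values]:
        if key.split("\\", 1)[0].upper() not in KNOWN_HIVES:
            warnings.append(f"unknown registry hive: {key}")
    for path in plan.move_paths:
        if path.lower().startswith(SYSTEM_PREFIXES):
            warnings.append(f"system directory path, confirm it is not an OS file: {path}")
        if path[1:3] != ":\\":
            warnings.append(f"not an absolute drive path: {path}")
    for section, line in plan.unparsed:
        warnings.append(f"unrecognised line in :{section}: {line}")
    if "Reboot" in plan.commands:
        warnings.append("script reboots the machine; save open work first")
    return warnings


if __name__ == "__main__":
    p = parse_otm(OTM_SCRIPT)
    print(f"{len(p.delete_values)} registry value(s), {len(p.delete_keys)} key(s), "
          f"{len(p.move_paths)} path(s), commands: {', '.join(p.commands)}")
    for w in review(p):
        print("WARNING:", w)
```

Run against the excerpt, the reviewer lists one registry value deletion, three key deletions, seven paths to quarantine and the three commands, and warns only about the `system32` entry and the reboot; any line it cannot classify lands in `unparsed` so nothing is silently ignored.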

Re: Virus is Back

Post by Tantraka » December 10th, 2009, 5:48 pm

I was able to run all steps successfully.
As far as how my computer is acting, it seems to be better. I can now run most sites on my browsers, and I haven't gotten any warnings from WinPatrol.
Here are the required logs.

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kawasoyuf deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8272-b0e5-11de-b663-0019d1113830}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91fc8272-b0e5-11de-b663-0019d1113830}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8274-b0e5-11de-b663-0019d1113830}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91fc8274-b0e5-11de-b663-0019d1113830}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8276-b0e5-11de-b663-0019d1113830}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91fc8276-b0e5-11de-b663-0019d1113830}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fc8278-b0e5-11de-b663-0019d1113830}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91fc8278-b0e5-11de-b663-0019d1113830}\ not found.
========== FILES ==========
C:\Windows\tasks\mvlsywqj.job moved successfully.
C:\Windows\tasks\oslayclj.job moved successfully.
C:\Windows\tasks\rofybozc.job moved successfully.
C:\Windows\system32\pbsvc.exe moved successfully.
C:\ProgramData\wotaheka folder moved successfully.
C:\ProgramData\witeyaza folder moved successfully.
C:\ProgramData\legidonu folder moved successfully.
C:\ProgramData\fidetiga folder moved successfully.
C:\ProgramData\luhuwuji folder moved successfully.
C:\ProgramData\huvajolu folder moved successfully.
C:\ProgramData\tutatezu folder moved successfully.
C:\ProgramData\merisemo folder moved successfully.
C:\ProgramData\hazafupe folder moved successfully.
C:\ProgramData\bejanapo folder moved successfully.
C:\ProgramData\talogevi folder moved successfully.
C:\ProgramData\lekefoji folder moved successfully.
C:\ProgramData\bonigezi folder moved successfully.
C:\ProgramData\yavawoji folder moved successfully.
C:\ProgramData\raditile folder moved successfully.
C:\ProgramData\wemafuni folder moved successfully.
C:\Program Files\Orbitdownloader\addons\orbitff\chrome folder moved successfully.
C:\Program Files\Orbitdownloader\addons\orbitff folder moved successfully.
C:\Program Files\Orbitdownloader\addons folder moved successfully.
C:\Program Files\Orbitdownloader folder moved successfully.
C:\Users\Owner\AppData\Roaming\Orbit\flink folder moved successfully.
C:\Users\Owner\AppData\Roaming\Orbit folder moved successfully.
C:\Program Files\GamersFirst folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\xml\data folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\xml folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\themes\windows_theme folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\themes folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\promotion folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\certificate folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire folder moved successfully.
C:\Users\Owner\AppData\Roaming\DNA folder moved successfully.
C:\Program Files\DNA\plugins folder moved successfully.
C:\Program Files\DNA folder moved successfully.
C:\Users\Owner\AppData\Roaming\uTorrent folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 3117854 bytes
->Temporary Internet Files folder emptied: 55587760 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97931849 bytes
->Apple Safari cache emptied: 18165573 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 5593 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 32074 bytes

Total Files Cleaned = 166.77 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12092009_224037

Files moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\~DFDD27.tmp moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=dab344c148e9124484b8ceb4d9adccb1
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-10 07:30:19
# local_time=2009-12-10 01:30:19 (-0600, Central Standard Time)
# country="United States"
# lang=9
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 28461731 28461731 0 0
# compatibility_mode=769 16775165 100 98 0 195787384 0 0
# compatibility_mode=5892 16776573 100 100 116587 97028158 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=352567
# found=21
# cleaned=0
# scan_time=9588
C:\Program Files\GustoSoft\Ace DivX Player\eBayShortcuts.exe a variant of Win32/Adware.ADON application 00000000000000000000000000000000 I
C:\ProgramData\Spybot - Search & Destroy\Recovery\ZangoShoppingReport14.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\ProgramData\Spybot - Search & Destroy\Recovery\ZangoShoppingReport4.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ZangoShoppingReport14.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ZangoShoppingReport4.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Users\Owner\Downloads\dxplayer_setup_21.exe multiple threats 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\bejanapo\bejanapo.dll a variant of Win32/Kryptik.BJG trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\bonigezi\bonigezi.dll a variant of Win32/KillAV.NGT trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\fidetiga\fidetiga.dll a variant of Win32/Kryptik.BJG trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\hazafupe\hazafupe.dll a variant of Win32/Kryptik.BJG trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\huvajolu\huvajolu.dll a variant of Win32/Kryptik.BJG trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\legidonu\legidonu.dll a variant of Win32/Kryptik.BJG trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\lekefoji\lekefoji.dll a variant of Win32/Adware.Virtumonde.NGJ application 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\luhuwuji\luhuwuji.dll a variant of Win32/Kryptik.BJG trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\merisemo\merisemo.dll a variant of Win32/Kryptik.BJG trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\raditile\raditile.dll a variant of Win32/Adware.Virtumonde.NGJ application 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\talogevi\talogevi.dll a variant of Win32/KillAV.NGT trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\tutatezu\tutatezu.dll a variant of Win32/Kryptik.BJG trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\witeyaza\witeyaza.dll a variant of Win32/Kryptik.BJG trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\wotaheka\wotaheka.dll a variant of Win32/Kryptik.BJG trojan 00000000000000000000000000000000 I
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\yavawoji\yavawoji.dll a variant of Win32/Adware.Virtumonde.NGJ application 00000000000000000000000000000000 I


Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-12-10 15:43:36
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 43 GB (15%) free of 295 GB
Total RAM: 2021 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:45 PM, on 12/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... P&M=GM5420
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... P&M=GM5420
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... P&M=GM5420
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\Windows\TEMP\E_S7017.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [EPSON NX410 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\Windows\TEMP\E_S9088.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1553491668-2783746715-2578131821-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: lxbf_device - - C:\Windows\system32\lxbfcoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8932 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\User_Feed_Synchronization-{93C58487-1B04-4A3C-B209-304F778C35D1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2008-08-09 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\google\BAE.dll [2006-02-01 94208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-11-18 182744]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-09-26 423424]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]
"NapsterShell"=C:\Program Files\Napster\napster.exe /systray []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-12-12 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-12-12 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-12-12 81920]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-02 303104]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-10 86960]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-10 218032]
"EPSON NX410 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE [2008-10-01 199680]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-10-05 2075384]
"EPSON NX410 Series (Copy 1)"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE [2008-10-01 199680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-12-12 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-12-09 22:47:54 ----D---- C:\Program Files\ESET
2009-12-09 22:40:37 ----D---- C:\_OTM
2009-12-09 17:12:46 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 17:12:32 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 17:12:31 ----A---- C:\Windows\system32\occache.dll
2009-12-09 17:12:30 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 17:12:29 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 17:12:26 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 17:12:25 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 17:12:24 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 17:12:23 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 17:12:22 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 17:12:21 ----A---- C:\Windows\system32\ieaksie.dll
2009-12-09 17:12:18 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 17:12:16 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 17:12:15 ----A---- C:\Windows\system32\mstime.dll
2009-12-09 17:12:13 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 17:11:54 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 17:11:53 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 17:11:29 ----A---- C:\Windows\system32\rastls.dll
2009-12-09 17:11:28 ----A---- C:\Windows\system32\raschap.dll
2009-12-05 21:39:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-05 21:10:23 ----D---- C:\Windows\ERDNT
2009-12-05 21:08:50 ----D---- C:\Program Files\ERUNT
2009-11-27 12:07:36 ----D---- C:\Program Files\PokerStars.NET
2009-11-26 18:11:10 ----D---- C:\Program Files\kill.switch
2009-11-25 09:48:47 ----A---- C:\Windows\system32\tzres.dll
2009-11-24 17:46:11 ----A---- C:\Windows\system32\msxml6.dll
2009-11-24 17:46:10 ----A---- C:\Windows\system32\msxml3.dll
2009-11-15 20:49:12 ----D---- C:\Users\Owner\AppData\Roaming\Leadertech
2009-11-15 20:27:01 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-11-15 20:26:59 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-11-15 20:26:56 ----A---- C:\Windows\system32\xinput1_3.dll
2009-11-15 20:26:56 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-11-15 20:26:55 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-11-15 20:26:53 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-11-15 20:26:52 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-11-15 20:26:29 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-11-15 20:26:26 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-11-15 20:26:25 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-11-15 20:26:24 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-11-15 20:26:23 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-11-15 20:26:22 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-11-15 20:26:20 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-11-11 18:03:19 ----D---- C:\b14cae4524a2c91c9480

======List of files/folders modified in the last 1 months======

2009-12-10 15:43:45 ----D---- C:\Windows\Prefetch
2009-12-10 15:43:38 ----D---- C:\Windows\Temp
2009-12-10 14:57:10 ----D---- C:\Windows\Tasks
2009-12-10 11:09:58 ----SHD---- C:\System Volume Information
2009-12-10 03:40:44 ----D---- C:\Windows\rescache
2009-12-10 03:35:40 ----D---- C:\Windows\winsxs
2009-12-10 03:30:44 ----D---- C:\Windows\System32
2009-12-10 03:30:44 ----D---- C:\Windows\inf
2009-12-10 03:30:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-10 03:25:33 ----D---- C:\Windows\system32\catroot
2009-12-10 03:23:11 ----D---- C:\Windows\system32\en-US
2009-12-10 03:23:11 ----D---- C:\Windows\system32\drivers
2009-12-10 03:23:11 ----D---- C:\Program Files\Windows Mail
2009-12-10 03:23:11 ----D---- C:\Program Files\Internet Explorer
2009-12-10 03:06:53 ----SHD---- C:\Windows\Installer
2009-12-10 03:06:52 ----SHD---- C:\Config.Msi
2009-12-10 03:06:52 ----D---- C:\ProgramData\Microsoft Help
2009-12-09 22:47:55 ----SD---- C:\Windows\Downloaded Program Files
2009-12-09 22:47:54 ----RD---- C:\Program Files
2009-12-09 22:40:41 ----HD---- C:\ProgramData
2009-12-09 17:26:13 ----D---- C:\ProgramData\Google Updater
2009-12-09 17:10:06 ----D---- C:\Windows\system32\catroot2
2009-12-09 15:26:46 ----D---- C:\rsit
2009-12-05 21:38:49 ----D---- C:\Program Files\Mozilla Firefox
2009-12-05 21:36:38 ----D---- C:\WINDOWS
2009-12-03 18:16:04 ----D---- C:\Windows\Minidump
2009-12-01 14:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-26 20:24:17 ----D---- C:\Program Files\Common Files\Steam
2009-11-26 18:09:55 ----D---- C:\Program Files\SystemRequirementsLab
2009-11-26 18:09:49 ----D---- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
2009-11-26 13:28:57 ----D---- C:\Downloads
2009-11-26 12:59:28 ----D---- C:\Program Files\Steam
2009-11-25 11:28:26 ----D---- C:\AeriaGames
2009-11-15 20:27:03 ----D---- C:\Program Files\EA SPORTS
2009-11-15 20:26:52 ----RSD---- C:\Windows\assembly
2009-11-14 07:34:13 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-14 07:33:40 ----D---- C:\Program Files\Microsoft Works
2009-11-14 07:30:24 ----A---- C:\Windows\win.ini
2009-11-14 07:30:21 ----D---- C:\Program Files\Common Files\System

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-29 8704]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-16 214912]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2006-10-30 44416]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2007-06-20 267264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608]
R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2008-08-09 5504]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-02 812032]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC); C:\Windows\system32\DRIVERS\xcbda.sys [2006-11-17 147328]
S3 2WIREPCP;2Wire USB; C:\Windows\system32\DRIVERS\2WirePCP.sys [2003-04-17 68672]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\User [2008-08-09 2]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HookProtect;HookProtect; \??\C:\STEPS\element\HookProtect.sys [2009-04-12 215552]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys []
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-18 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S3 XDva214;XDva214; \??\C:\Windows\system32\XDva214.sys []
S3 XDva262;XDva262; \??\C:\Windows\system32\XDva262.sys []
S3 XDva288;XDva288; \??\C:\Windows\system32\XDva288.sys []
S3 XDva294;XDva294; \??\C:\Windows\system32\XDva294.sys []
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [2009-02-26 1547264]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880]
R2 lxbf_device;lxbf_device; C:\Windows\system32\lxbfcoms.exe [2007-04-24 537520]
R2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-06-29 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S2 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-26 320760]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-02-16 2736890]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
Tantraka
Regular Member
 
Posts: 25
Joined: January 3rd, 2009, 11:53 pm
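The driver list in the RSIT log above is read by eye in this thread; the points a helper looks for are entries whose file info is an empty `[]` and image paths that sit outside C:\Windows. The following Python parser is an added example (not code from the thread or from the RSIT tool): it splits each driver/service line into its fields and applies those two heuristics. The reading of empty brackets as "no file found on disk", the C:\Windows path rule, and the function names are assumptions of this example; the sample lines are copied from the log above as constructed test input.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed test input: five lines copied from the RSIT driver list above.
# Real use would feed the whole "List of drivers" section of log.txt.
SAMPLE_LINES = r"""
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HookProtect;HookProtect; \??\C:\STEPS\element\HookProtect.sys [2009-04-12 215552]
S3 GarenaPEngine;GarenaPEngine; \??\C:\User [2008-08-09 2]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
"""

_HEAD = re.compile(r"^[RS][0-4] ")
# Everything after the display name: "<path> [<yyyy-mm-dd> <size>]" or "<path> []"
_TAIL = re.compile(r"^\s*(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")


@dataclass
class DriverEntry:
    state: str            # "R" running or "S" stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str             # service key name
    display_name: str
    image_path: str       # as printed; may carry the NT "\??\" prefix
    file_date: Optional[str]
    file_size: Optional[int]


def parse_driver_line(line: str) -> DriverEntry:
    """Split one RSIT driver/service line into its fields."""
    if not _HEAD.match(line):
        raise ValueError(f"not an RSIT driver line: {line!r}")
    # Service name and display name are ';'-separated; the display name
    # itself may contain commas or backslashes, so split at most twice.
    name, display, tail = line[3:].split(";", 2)
    m = _TAIL.match(tail)
    if m is None:
        raise ValueError(f"unrecognised tail in: {line!r}")
    info = m.group("info").split()
    return DriverEntry(
        state=line[0],
        start=int(line[1]),
        name=name,
        display_name=display,
        image_path=m.group("path"),
        file_date=info[0] if info else None,
        file_size=int(info[1]) if len(info) > 1 else None,
    )


def review_flags(entry: DriverEntry) -> List[str]:
    """Reasons a helper would look twice at this entry (heuristics assumed here)."""
    flags = []
    path = entry.image_path
    if path.startswith("\\??\\"):          # NT object-manager form; legitimate, just normalise
        path = path[4:]
    if entry.file_date is None:
        # Assumption: empty brackets mean the registry entry exists but no file was found.
        flags.append("no file on disk (empty [] in log)")
    if not path.lower().startswith("c:\\windows\\"):
        flags.append("image outside C:\\Windows")
    return flags


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Parse every driver line in `text`; return (name, flags) for flagged entries."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not _HEAD.match(line):
            continue                       # skip blanks and section headers
        entry = parse_driver_line(line)
        flags = review_flags(entry)
        if flags:
            out.append((entry.name, flags))
    return out


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LINES):
        print(f"{name}: {', '.join(flags)}")
```

Run over the five sample lines it flags EagleNT (no file on disk), HookProtect and GarenaPEngine (images outside C:\Windows) and passes the avast! and RapiMgr entries, which is the same split a helper makes by hand. A flag is a reason to look, not a verdict: leftover service entries with no file behind them are common after tools are uninstalled, and the thread treats them that way.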

Re: Virus is Back

Unread postby Wingman » December 10th, 2009, 8:28 pm

Hi tantraka,
Glad things are a little better... your perseverance is paying off. :)

Please do not make any changes to your system, run any "fix" programs and/or remove any files unless instructed to do so, by me.

Please read these instructions carefully before executing and then perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
    VISTA users must right-click on ERUNT from the menu, select "Run As Administrator", to run the process.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
OTM
  1. Please download OTM.exe...by Old Timer. Save it to your desktop.
  2. Right click on OTM.exe and select Run As Administrator to run it. If Windows UAC prompts, please allow it.
  3. Please copy and paste the text in the Code box below, into OTM (1).
    Please refer to the OTM screen image below, for reference.
    Warning: Do not type it out... errors could damage your machine.
    Code:
    :Processes
    :Files
    C:\Program Files\GustoSoft\Ace DivX Player\eBayShortcuts.exe
    C:\Users\Owner\Downloads\dxplayer_setup_21.exe 
    C:\ProgramData\Spybot - Search & Destroy\Recovery\ZangoShoppingReport14.zip 
    C:\ProgramData\Spybot - Search & Destroy\Recovery\ZangoShoppingReport4.zip 
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\ZangoShoppingReport14.zip 
    C:\Users\All Users\Spybot - Search & Destroy\Recovery\ZangoShoppingReport4.zip 
    :Commands
    [EmptyTemp]
    [Start Explorer]
    [Reboot]

    Please refer to this image to use OTM.

    [OTM screen image: areas marked (1), (2) and (3) as referenced in the steps]

  4. Click on MoveIt! (2)
  5. The end results of the processing will be in 2 places:
    • The Results window on the right side of the OTM screen.
    • A log (text) file created in "C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log"
  6. Copy all the text from the Results window... Open Notepad, paste the OTM results into the Notepad file, save it on your desktop.
  7. Click Exit (3) when done.
  8. Please paste the entire content from the OTM (Results) window (Notepad file) or the OTM log file, in your next reply.
NOTE: If your computer did not automatically reboot... please reboot it (normally) now!

Step 3.
GooredFix
Please download GooredFix...by jpshortstuff.
Save it to your desktop. Alternate site.
  1. Ensure ALL Firefox windows are closed.
  2. Double click GooredFix.exe... if you don't get a UAC prompt then... Right-click GooredFix.exe, select Run As Administrator.
  3. When prompted to run the scan, click Yes.
    GooredFix will check for infections, and then a log file will open... named "GooredFix.txt".
  4. Please copy and paste the contents of the GooredFix.txt file in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTM scan results
  3. GooredFix.txt file contents
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Virus is Back

Unread postby Tantraka » December 10th, 2009, 9:11 pm

Everything went smoothly and the computer seems better.
No more pop-ups or alerts from WinPatrol, and most websites have started working normally.
Here are the two logs:

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Program Files\GustoSoft\Ace DivX Player\eBayShortcuts.exe moved successfully.
C:\Users\Owner\Downloads\dxplayer_setup_21.exe moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\ZangoShoppingReport14.zip moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\ZangoShoppingReport4.zip moved successfully.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\ZangoShoppingReport14.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\ZangoShoppingReport4.zip not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 148791 bytes
->Temporary Internet Files folder emptied: 48106164 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 81572678 bytes
->Apple Safari cache emptied: 1068974 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 3945 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 124.90 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12102009_190246

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

GooredFix by jpshortstuff (06.12.09.1)
Log created at 19:10 on 10/12/2009 (Owner)
Firefox version 3.0.15 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:15 18/08/2008]

C:\Users\Owner\Application Data\Mozilla\Firefox\Profiles\6yquhpdz.default\extensions\
battlefieldheroespatcher@ea.com [20:56 15/09/2009]
CSLauncher@cyberstep.com [15:30 19/09/2009]
searchrecs@veoh.com [01:54 14/10/2009]
{20a82645-c095-46ed-80e3-08825760534b} [20:24 02/09/2009]
{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD} [17:54 10/01/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [02:04 18/01/2009]

-=E.O.F=-
Tantraka
Regular Member
 
Posts: 25
Joined: January 3rd, 2009, 11:53 pm
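The OTM results above have to be checked against the script Wingman posted: every path under :Files should appear as either moved or not found, and the "Total Files Cleaned" figure should agree with the per-folder byte counts. The following Python is an added example (not code from the thread or from OTM) that does that reconciliation. The log-line patterns, the assumption that OTM's "mb" is 1024-based, and the function names are assumptions of this example; the script and the abridged log are copied from the two posts above as constructed test input.

```python
import re
from typing import Dict, List

# Constructed inputs, copied from the posts above: the OTM script Wingman
# asked for, and an abridged copy of the results Tantraka posted back
# (the all-zero "Default User" and "IUSR_NMPR" blocks are omitted).
OTM_SCRIPT = r"""
:Processes
:Files
C:\Program Files\GustoSoft\Ace DivX Player\eBayShortcuts.exe
C:\Users\Owner\Downloads\dxplayer_setup_21.exe
C:\ProgramData\Spybot - Search & Destroy\Recovery\ZangoShoppingReport14.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\ZangoShoppingReport4.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ZangoShoppingReport14.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\ZangoShoppingReport4.zip
:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]
"""

OTM_LOG = r"""
All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Program Files\GustoSoft\Ace DivX Player\eBayShortcuts.exe moved successfully.
C:\Users\Owner\Downloads\dxplayer_setup_21.exe moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\ZangoShoppingReport14.zip moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery\ZangoShoppingReport4.zip moved successfully.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\ZangoShoppingReport14.zip not found.
File/Folder C:\Users\All Users\Spybot - Search & Destroy\Recovery\ZangoShoppingReport4.zip not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Owner
->Temp folder emptied: 148791 bytes
->Temporary Internet Files folder emptied: 48106164 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 81572678 bytes
->Apple Safari cache emptied: 1068974 bytes
%systemdrive% .tmp files removed: 0 bytes
Windows Temp folder emptied: 3945 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 124.90 mb
Files moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.
"""

# Line shapes seen in the OTM results (patterns assumed from the posted log).
_MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$")
_NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+?) not found\.$")
_ON_REBOOT = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
_BYTES = re.compile(r": (?P<n>\d+) bytes$")
_TOTAL = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$")


def requested_files(script: str) -> List[str]:
    """Return the paths listed under :Files in an OTM script."""
    files, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "files":
            files.append(line)
    return files


def reconcile(script: str, log: str) -> Dict[str, object]:
    """Match the requested :Files against what the OTM results say happened."""
    moved, not_found, on_reboot = [], [], []
    bytes_cleaned, reported_mb = 0, None
    for raw in log.splitlines():
        line = raw.strip()
        if (m := _NOT_FOUND.match(line)):
            not_found.append(m.group("path"))
        elif (m := _ON_REBOOT.match(line)):
            on_reboot.append(m.group("path"))
        elif (m := _MOVED.match(line)):
            moved.append(m.group("path"))
        elif (m := _BYTES.search(line)):
            bytes_cleaned += int(m.group("n"))
        elif (m := _TOTAL.match(line)):
            reported_mb = float(m.group("mb"))
    seen = {p.lower() for p in moved + not_found + on_reboot}
    unaccounted = [p for p in requested_files(script) if p.lower() not in seen]
    # The posted total only agrees with the byte counts if "mb" means 1024*1024.
    computed_mb = round(bytes_cleaned / (1024 * 1024), 2)
    return {
        "moved": moved,
        "not_found": not_found,
        "on_reboot": on_reboot,
        "unaccounted": unaccounted,
        "bytes_cleaned": bytes_cleaned,
        "computed_mb": computed_mb,
        "reported_mb": reported_mb,
        "total_consistent": reported_mb is not None and abs(reported_mb - computed_mb) < 0.01,
    }


if __name__ == "__main__":
    for key, value in reconcile(OTM_SCRIPT, OTM_LOG).items():
        print(f"{key}: {value}")
```

For this thread the check comes out clean: four of the six requested paths were moved, two were reported not found, nothing is unaccounted for, and the summed byte counts (130966892 bytes) reproduce the posted 124.90 mb. The two "not found" entries are expected: on Vista, C:\Users\All Users is a junction to C:\ProgramData, so once the ProgramData copies had been moved the duplicate paths no longer resolved to anything.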

Re: Virus is Back

Unread postby Wingman » December 11th, 2009, 4:46 pm

Hi tantraka,
Sounds good... let's continue.

I would like to run another online scan, a different one this time, to make sure there is nothing hiding. I also want you to update an application, one that poses a security risk, unless it's kept current. I'm also asking for another RSIT Full re-run... please note the changes to the instructions.

Please do not make any changes to your system, run any "fix" programs and/or remove any files unless instructed to do so, by me.
Please read these instructions carefully before executing and then perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
Java Update Needed!
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of Java components and update:

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD UPDATED VERSION
  1. Get the latest version of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  3. Click the "Download" button to the right.
  4. Select your Platform: "Windows"... then check "I agree to the (current update version) License Agreement.".
  5. Click Continue and the page will refresh.
  6. Locate the entry for Windows Offline Installation and click on the file name, save the file to your desktop.
    Dial-up users: You may want to check the "Windows Offline Installation" box and opt to use...
    "Download Selected with Sun Download Manager". The download can be restarted, in case it's interrupted.
<STOP> Do not install the new version of Java yet. We need to do some cleanup first!

REMOVE OLD JAVA VERSIONS
  1. Close any programs you may have running - especially your web browser.
  2. Go to Start > Settings > Control Panel.
  3. Double-click on Add/Remove Programs ...
  4. Locate: Java(TM) SE Runtime Environment 6
  5. Click the Remove or Change/Remove button...follow any onscreen instructions for the Java uninstaller.
  6. When all Java components are removed... Exit Add/remove Programs and Control Panel.

INSTALL UPDATED VERSION
  1. Close all open applications (standard), especially your browser.
  2. From desktop... double-click on jre-6u17-windows-i586.exe to install the newest version.
    VISTA users: right-click on the above file, select "Run As Administrator" to install the newest version.
  3. Follow the on-screen directions...when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel... click on the JAVA icon.
  2. Press the Update tab... UNCHECK "Check for Updates Automatically". (You can check for updates manually.)
      Reply "Never Check" to the warning prompt.
  3. Now press the Advanced tab. Press the [+] to expand the "Miscellaneous" options.
  4. UNCHECK "Java Quick Starter".
  5. Press Apply and OK... then close the Java Control Panel. Close and exit Control Panel.
If you choose to update via the Java applet in Control Panel, uncheck the option to install the Google Toolbar unless you want it.

Step 2.
Kaspersky Online Scanner.
Vista users:
Please right-click either the IE or FF Start Menu or Quick Launch Bar icons... select Run As Administrator from the context menu.

Please go to Kaspersky Online Virus Scanner © Kaspersky Lab to perform an online antivirus scan.
  1. Read the "Advantages - Requirements and Limitations" then press... the ACCEPT...button.
    The latest program and definition files will be downloaded. It takes time, please be patient, let it finish.
  2. Once the files have been downloaded, click on the SETTINGS...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the SAVE...button, if you made any changes.
  3. Now under the Scan section on the left:
      Select My Computer
    The program will start scanning your system. This takes a while, be patient... let it run.
    Once the scan is complete it will display if your system has been infected.
  4. Save the scan results as a Text file ... save it to your desktop.
  5. Copy and paste the saved scan results file in your next reply.

Step 3.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.
Attention!
In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder, then...
  2. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (Both logs can be found in the C:\RSIT folder.)

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. KAS scan results.
  3. RSIT log.txt and info.txt file contents
  4. Any problems with your computer now?
Thanks,
Wingman
Wingman
Admin/Teacher
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Virus is Back

Unread postby Tantraka » December 13th, 2009, 1:03 am

Sorry it took a while to get back to you, but here is all the information. My computer also seems to be running normally :)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, December 12, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, December 12, 2009 19:03:02
Records in database: 3363945
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\
P:\
Q:\
R:\
S:\

Scan statistics:
Objects scanned: 358573
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 05:35:21


File name / Threat / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Users\Owner\Downloads\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\fidetiga\fidetiga.dll Infected: Trojan.Win32.Monder.cvgy 1
C:\_OTM\MovedFiles\12092009_224037\C_ProgramData\wotaheka\wotaheka.dll Infected: Trojan.Win32.Monder.cvgy 1

Selected area has been scanned.


Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-12-12 22:52:37
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 40 GB (14%) free of 295 GB
Total RAM: 2021 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:46 PM, on 12/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Users\Owner\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... P&M=GM5420
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... P&M=GM5420
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... P&M=GM5420
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\Windows\TEMP\E_S7017.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [EPSON NX410 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\Windows\TEMP\E_S9088.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1553491668-2783746715-2578131821-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: lxbf_device - - C:\Windows\system32\lxbfcoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9131 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\User_Feed_Synchronization-{93C58487-1B04-4A3C-B209-304F778C35D1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\google\BAE.dll [2006-02-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-12 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-11-18 182744]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-09-26 423424]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]
"NapsterShell"=C:\Program Files\Napster\napster.exe /systray []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-12-12 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-12-12 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-12-12 81920]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-02 303104]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-10 86960]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"dcmsvc"=C:\Program Files\dcmsvc\dcmsvc.exe [2009-04-07 30440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-12 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-10 218032]
"EPSON NX410 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE [2008-10-01 199680]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-10-05 2075384]
"EPSON NX410 Series (Copy 1)"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE [2008-10-01 199680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
Warner Bros.lnk - C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-12-12 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-12-12 22:52:37 ----D---- C:\rsit
2009-12-12 09:06:06 ----A---- C:\Windows\system32\javaws.exe
2009-12-12 09:06:06 ----A---- C:\Windows\system32\javaw.exe
2009-12-12 09:06:06 ----A---- C:\Windows\system32\java.exe
2009-12-12 09:06:06 ----A---- C:\Windows\system32\deploytk.dll
2009-12-12 09:01:28 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-12 09:01:23 ----A---- C:\Windows\system32\httpapi.dll
2009-12-11 18:19:19 ----D---- C:\Program Files\dcmsvc
2009-12-11 18:19:03 ----D---- C:\Users\Owner\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
2009-12-11 18:18:56 ----D---- C:\Program Files\Warner Bros. Digital Copy Manager
2009-12-11 18:18:53 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-12-10 16:34:12 ----D---- C:\Users\Owner\AppData\Roaming\LimeWire
2009-12-09 22:47:54 ----D---- C:\Program Files\ESET
2009-12-09 22:40:37 ----D---- C:\_OTM
2009-12-09 17:12:46 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 17:12:32 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 17:12:31 ----A---- C:\Windows\system32\occache.dll
2009-12-09 17:12:30 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 17:12:29 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 17:12:26 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 17:12:25 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 17:12:24 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 17:12:23 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 17:12:22 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 17:12:21 ----A---- C:\Windows\system32\ieaksie.dll
2009-12-09 17:12:18 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 17:12:16 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 17:12:15 ----A---- C:\Windows\system32\mstime.dll
2009-12-09 17:12:13 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 17:11:29 ----A---- C:\Windows\system32\rastls.dll
2009-12-09 17:11:28 ----A---- C:\Windows\system32\raschap.dll
2009-12-05 21:39:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-05 21:10:23 ----D---- C:\Windows\ERDNT
2009-12-05 21:08:50 ----D---- C:\Program Files\ERUNT
2009-11-27 12:07:36 ----D---- C:\Program Files\PokerStars.NET
2009-11-26 18:11:10 ----D---- C:\Program Files\kill.switch
2009-11-25 09:48:47 ----A---- C:\Windows\system32\tzres.dll
2009-11-24 17:46:11 ----A---- C:\Windows\system32\msxml6.dll
2009-11-24 17:46:10 ----A---- C:\Windows\system32\msxml3.dll
2009-11-15 20:49:12 ----D---- C:\Users\Owner\AppData\Roaming\Leadertech
2009-11-15 20:27:01 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-11-15 20:26:59 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-11-15 20:26:56 ----A---- C:\Windows\system32\xinput1_3.dll
2009-11-15 20:26:56 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-11-15 20:26:55 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-11-15 20:26:53 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-11-15 20:26:52 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-11-15 20:26:29 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-11-15 20:26:26 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-11-15 20:26:25 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-11-15 20:26:24 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-11-15 20:26:23 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-11-15 20:26:22 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-11-15 20:26:20 ----A---- C:\Windows\system32\d3dx9_24.dll

======List of files/folders modified in the last 1 months======

2009-12-12 22:52:38 ----D---- C:\Windows\Temp
2009-12-12 20:29:21 ----D---- C:\Windows\Tasks
2009-12-12 20:29:13 ----D---- C:\ProgramData\Google Updater
2009-12-12 17:33:00 ----D---- C:\Windows\System32
2009-12-12 17:33:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-12 17:32:59 ----D---- C:\Windows\inf
2009-12-12 17:31:41 ----D---- C:\Windows\Prefetch
2009-12-12 13:31:06 ----D---- C:\Windows\system32\drivers
2009-12-12 09:06:27 ----SHD---- C:\Windows\Installer
2009-12-12 09:06:26 ----SHD---- C:\Config.Msi
2009-12-12 09:05:37 ----SHD---- C:\System Volume Information
2009-12-12 09:05:30 ----D---- C:\Program Files\Java
2009-12-12 09:04:03 ----D---- C:\Program Files\Common Files
2009-12-12 09:03:50 ----D---- C:\Windows\winsxs
2009-12-12 09:03:18 ----D---- C:\Windows\system32\catroot
2009-12-12 09:02:58 ----D---- C:\Windows\system32\catroot2
2009-12-11 18:19:19 ----RD---- C:\Program Files
2009-12-11 18:19:03 ----D---- C:\ProgramData\Adobe
2009-12-11 18:17:46 ----D---- C:\Users\Owner\AppData\Roaming\Adobe
2009-12-10 03:40:44 ----D---- C:\Windows\rescache
2009-12-10 03:23:11 ----D---- C:\Windows\system32\en-US
2009-12-10 03:23:11 ----D---- C:\Program Files\Windows Mail
2009-12-10 03:23:11 ----D---- C:\Program Files\Internet Explorer
2009-12-10 03:06:52 ----D---- C:\ProgramData\Microsoft Help
2009-12-09 22:47:55 ----SD---- C:\Windows\Downloaded Program Files
2009-12-09 22:40:41 ----HD---- C:\ProgramData
2009-12-05 21:38:49 ----D---- C:\Program Files\Mozilla Firefox
2009-12-05 21:36:38 ----D---- C:\WINDOWS
2009-12-03 18:16:04 ----D---- C:\Windows\Minidump
2009-12-01 14:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-26 20:24:17 ----D---- C:\Program Files\Common Files\Steam
2009-11-26 18:09:55 ----D---- C:\Program Files\SystemRequirementsLab
2009-11-26 18:09:49 ----D---- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
2009-11-26 13:28:57 ----D---- C:\Downloads
2009-11-26 12:59:28 ----D---- C:\Program Files\Steam
2009-11-25 11:28:26 ----D---- C:\AeriaGames
2009-11-15 20:27:03 ----D---- C:\Program Files\EA SPORTS
2009-11-15 20:26:52 ----RSD---- C:\Windows\assembly
2009-11-14 07:34:13 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-14 07:33:40 ----D---- C:\Program Files\Microsoft Works
2009-11-14 07:30:24 ----A---- C:\Windows\win.ini
2009-11-14 07:30:21 ----D---- C:\Program Files\Common Files\System

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-29 8704]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-16 214912]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2006-10-30 44416]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2007-06-20 267264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608]
R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2008-08-09 5504]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-02 812032]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC); C:\Windows\system32\DRIVERS\xcbda.sys [2006-11-17 147328]
S3 2WIREPCP;2Wire USB; C:\Windows\system32\DRIVERS\2WirePCP.sys [2003-04-17 68672]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\User [2008-08-09 2]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HookProtect;HookProtect; \??\C:\STEPS\element\HookProtect.sys [2009-04-12 215552]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys []
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-18 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S3 XDva214;XDva214; \??\C:\Windows\system32\XDva214.sys []
S3 XDva262;XDva262; \??\C:\Windows\system32\XDva262.sys []
S3 XDva288;XDva288; \??\C:\Windows\system32\XDva288.sys []
S3 XDva294;XDva294; \??\C:\Windows\system32\XDva294.sys []
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [2009-02-26 1547264]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880]
R2 lxbf_device;lxbf_device; C:\Windows\system32\lxbfcoms.exe [2007-04-24 537520]
R2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-06-29 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S2 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-26 320760]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-02-16 2736890]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-12-12 22:52:53

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Ace DivX Player v2.1-->"C:\Program Files\GustoSoft\Ace DivX Player\unins000.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Reader Korean Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5670-0000-7E8A45000001}
Adobe Shockwave Player-->C:\WINDOWS\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\System32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audiosurf Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12910
Audition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D281B1C-BF39-4893-B32A-EAB3B84BDE34}\setup.exe" -l0x9 -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Battlefield Heroes-->"C:\Program Files\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files\EA Games\Battlefield Heroes\Uninstall.xml"
Battleswarm: Field of Honor-->C:\Program Files\Reality Gap\Battleswarm\Uninstall.exe
Bejeweled 2 Deluxe-->"C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
BigFix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Blasterball 3-->"C:\Program Files\Gateway Games\Blasterball 3\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BrightShadow-->C:\Program Files\InstallShield Installation Information\{68A6DB8D-478D-41C9-BE5C-43B2C4E9C143}\setup.exe -runfromtemp -l0x0009 -removeonly
Browser Address Error Redirector-->regsvr32 /u /s "c:\google\BAE.dll"
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Chuzzle Deluxe-->"C:\Program Files\Gateway Games\Chuzzle Deluxe\Uninstall.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
dcmsvc 1.0-->"C:\Program Files\dcmsvc\unins000.exe"
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61} /l1033
Diner Dash-->"C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"
DivX 4.12 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dynasty Warriors 6-->MsiExec.exe /X{7506D1CD-B7FE-40C7-AE1F-FE8666361700}
EA SPORTS online 2008-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EPSON NX410 Series Printer Uninstall-->C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSFCA.EXE /R /APD /P:"EPSON NX410 Series"
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
FIFA 08-->MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
Finale Viewer 2008-->C:\Program Files\Finale Viewer 2008\uninstallFinViewer.exe
Free M4a to MP3 Converter 6.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
Frets On Fire-->"C:\Program Files\Frets on Fire\Uninstall.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameTracker Lite-->C:\Program Files\GameTracker\gametracker-uninst.exe
Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
Gateway Game Console-->"C:\Program Files\Gateway Games\Gateway Game Console\Uninstall.exe"
Gateway Recovery Center Installer-->MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Graboid Video 1.65-->C:\Program Files\Graboid\uninst.exe
Grand Fantasia-->C:\AeriaGames\GrandFantasia\Uninst.exe
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hunting Unlimited-->C:\Windows\IsUninst.exe -f"C:\Program Files\Hunting Unlimited\Uninst.isu"
ijji REACTOR-->"C:\Program Files\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Insurgency-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17700
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Management Engine Interface-->C:\Windows\system32\heciudlg.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) Viiv(TM) Software-->MsiExec.exe /X{26C610BF-761B-4209-BD6A-A0F1B73D6DDE} /qb!
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
JEOPARDY-->"C:\Program Files\Gateway Games\JEOPARDY\Uninstall.exe"
kill.switch-->C:\PROGRA~1\KILL~1.SWI\UNWISE.EXE C:\PROGRA~1\KILL~1.SWI\INSTALL.LOG
Killing Floor-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1250
K-Lite Codec Pack 3.2.5 Standard-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
Lexmark X6100 Series-->C:\Program Files\Lexmark X6100 Series\Install\x86\Uninst.exe
Madden NFL 08-->C:\Program Files\EA Sports\Madden NFL 08\EAUninstall.exe
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=12
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP4 Player -->C:\Program Files\MP4 Player\uninst.exe
MPlugin-->"C:\Program Files\InstallShield Installation Information\{6102D63A-9387-4FC8-98E4-181121F8C0BA}\setup.exe" -runfromtemp -l0x0009 -removeonly
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Musicnotes Player V1.23.1-->"C:\Program Files\Musicnotes\Player\unins000.exe"
Neffy 1,2,0,22-->C:\Program Files\Neffy\uninst.exe
Neo Steam : The Shattered Continent-->C:\Games\Neo Steam\uninst.exe
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Penguins!-->"C:\Program Files\Gateway Games\Penguins!\Uninstall.exe"
Plain Sight-->MsiExec.exe /I{A4957F2C-A8C1-4575-A5C7-78BCDA42A83A}
PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
Polar Bowler-->"C:\Program Files\Gateway Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\Gateway Games\Polar Golfer\Uninstall.exe"
Power2Go 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
SBC Yahoo! DSL Home Networking Installer-->C:\Program Files\2Wire\Uninstaller.exe
Scions Of Fate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA3C53B8-49B0-41CF-9D5C-D96A7FCBD029}\setup.exe" -l0x9 -removeonly
SCRABBLE-->"C:\Program Files\Gateway Games\SCRABBLE\Uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Smash Online 1.0-->C:\Gamigo Games\Smash Online\uninst.exe
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_HSF\UIU32m.exe -U -I*.INF
Soul of the Ultimate Nation-->C:\Program Files\InstallShield Installation Information\{4B22DD86-47B1-4454-BFF7-64FCA3D0631C}\setup.exe -runfromtemp -l0x0009 -removeonly
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
TalesRunner 1.58720081016-->C:\Program Files\gpotato\TalesRunner\uninst.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims Complete Collection-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\Setup.exe" -l0x9 -l0009
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Uniblue RegistryBooster 2009-->"C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Warner Bros. Digital Copy Manager-->msiexec /qb /x {0E6EC2D7-5C9B-28B7-C848-171EDACB9625}
Warner Bros. Digital Copy Manager-->MsiExec.exe /I{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}
Windows Driver Package - ViXS Systems Inc. ViXS PureTV-U (11/17/2006 6.2.77.1)-->C:\PROGRA~1\DIFX\2B7BF24833E54BA6\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\xcbda.inf_80d7a2b2\xcbda.inf
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WYDGLOBAL (remove only)-->"C:\GameNetworks\WYDGLOBAL\uninstall.exe"

=====HijackThis Backups=====

O4 - HKCU\..\Run: [ares vista] "C:\Program Files\Ares Vista\AresVista.exe" -h
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

======Security center information======

AS: Windows Defender (disabled)

System event log

Computer Name: Phong-PC
Event Code: 7036
Message: The Microsoft Software Shadow Copy Provider service entered the running state.
Record Number: 164614
Source Name: Service Control Manager
Time Written: 20091213021504.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 7036
Message: The Volume Shadow Copy service entered the stopped state.
Record Number: 164615
Source Name: Service Control Manager
Time Written: 20091213021810.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 7036
Message: The Microsoft Software Shadow Copy Provider service entered the stopped state.
Record Number: 164616
Source Name: Service Control Manager
Time Written: 20091213022110.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 7036
Message: The Google Software Updater service entered the running state.
Record Number: 164617
Source Name: Service Control Manager
Time Written: 20091213022900.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 7036
Message: The Google Software Updater service entered the stopped state.
Record Number: 164618
Source Name: Service Control Manager
Time Written: 20091213023011.000000-000
Event Type: Information
User:

Application event log

Computer Name: Phong-PC
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Record Number: 38416
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20091212233300.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 8224
Message: The VSS service is shutting down due to idle timeout.
Record Number: 38417
Source Name: VSS
Time Written: 20091213021810.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 0
Message:
Record Number: 38418
Source Name: gusvc
Time Written: 20091213022900.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 0
Message:
Record Number: 38419
Source Name: gusvc
Time Written: 20091213023011.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 0
Message:
Record Number: 38420
Source Name: DQLWinService
Time Written: 20091213045249.000000-000
Event Type: Information
User:

Security event log

Computer Name: Phong-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 60273
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091210092438.250000-000
Event Type: Audit Success
User:

Computer Name: Phong-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: PHONG-PC$
Account Domain: HOME
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x280
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 60274
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091210092438.265625-000
Event Type: Audit Success
User:

Computer Name: Phong-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: PHONG-PC$
Account Domain: HOME
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x280
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 60275
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091210092438.265625-000
Event Type: Audit Success
User:

Computer Name: Phong-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 60276
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091210092438.265625-000
Event Type: Audit Success
User:

Computer Name: Phong-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: PHONG-PC$
Account Domain: HOME
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x280
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 60277
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091210092438.781250-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------
Tantraka
Regular Member
 
Posts: 25
Joined: January 3rd, 2009, 11:53 pm
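As an added example (not part of this thread, and not RSIT's own code), a small Python parser for the event-log section of the RSIT log posted above: it handles the multi-line Message bodies of the 4624/4672 security records and converts the WMI CIM_DATETIME "Time Written" values into ISO 8601 timestamps. The embedded sample is constructed after the posted records; the host name, record numbers and the -300 offset are invented.

```python
"""Parse the event-log section of an RSIT log.txt into structured records.

Two quirks matter: a Message may span many lines and itself contain 'Key: value'
pairs (see the 4624 record in the posted log), so only 'Record Number:' ends it;
and Time Written is a WMI CIM_DATETIME whose signed last three digits are the UTC offset in minutes.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

RECORD_KEYS = ("Computer Name", "Event Code", "Message", "Record Number",
               "Source Name", "Time Written", "Event Type", "User")

# Constructed sample shaped after the posted log; host name, record numbers and -300 offset are invented.
SAMPLE_LOG = """\
Security event log

Computer Name: EXAMPLE-PC
Event Code: 4624
Message: An account was successfully logged on.

Security ID: S-1-5-18

Logon Type: 5

Account Name: SYSTEM
Record Number: 100002
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091210092438.265625-300
Event Type: Audit Success
User:

Computer Name: EXAMPLE-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Privileges: SeTcbPrivilege
SeDebugPrivilege
Record Number: 100003
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091210092438.781250-300
Event Type: Audit Success
User:
"""

CIM_RE = re.compile(r"^(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)\.(\d{6})([+-]\d{3})$")


def parse_cim_datetime(value):
    """'20091213021810.000000-000' -> aware datetime (the offset is given in minutes)."""
    m = CIM_RE.match(value.strip())
    if not m:
        raise ValueError(f"not a CIM_DATETIME: {value!r}")
    *ymdhms, us, off = m.groups()
    return datetime(*map(int, ymdhms), int(us), timezone(timedelta(minutes=int(off))))


def parse_rsit_events(text):
    """Split RSIT event-log text into dicts; section headings outside records are skipped."""
    events, rec, field = [], None, None
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if sep and key == "Computer Name":            # every record starts with this key
            rec, field = {key: value}, key
            events.append(rec)
        elif rec is None:
            continue                                  # heading before the first record
        elif sep and key in RECORD_KEYS and (field != "Message" or key == "Record Number"):
            rec[key] = value                          # ordinary single-line field
            field = key
        elif field == "Message":
            rec["Message"] += "\n" + line.rstrip()    # continuation of the message body
    for rec in events:
        rec["Event Code"] = int(rec.get("Event Code") or 0)
        rec["Message"] = rec.get("Message", "").strip()
        rec["Time Written"] = parse_cim_datetime(rec["Time Written"])
    return events


def summarize(events):
    """Count records per (Source Name, Event Code): the quickest triage view of a log."""
    return Counter((e["Source Name"], e["Event Code"]) for e in events)


def logon_types(events):
    """Record Number -> Logon Type for 4624 records (type 5 is a service logon)."""
    out = {}
    for e in (e for e in events if e["Event Code"] == 4624):
        m = re.search(r"^Logon Type:\s*(\d+)", e["Message"], re.M)
        if m:
            out[e["Record Number"]] = int(m.group(1))
    return out


def privileges(event):
    """Privilege names from a 4672 record: the 'Privileges:' value and the bare lines after it."""
    body = event["Message"].partition("Privileges:")[2]
    return [ln.strip() for ln in body.splitlines() if ln.strip() and ":" not in ln]
```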

Re: Virus is Back

Unread postby Wingman » December 13th, 2009, 2:59 pm

Hi tantraka,
Glad the computer is behaving better for you. There are still a few things we need to do, so stay with me.
Just so you will know, the KAS scan references to the mirc.exe and mirc635.exe files are more a warning that these kinds of programs can be a portal for malware to enter your system. The other 2 files are ones we moved earlier and we'll remove them a little later.

Continued use of P2P programs like Limewire will ensure you continue to get infected! Some of the most malicious malware can be attributed to files downloaded using these types of programs.

I noticed evidence of some new software added, please do not add or remove any software, run any fix programs or delete any files unless I ask you to do so. This causes additional research to be performed.
I'm going to have you update the version of Adobe Reader you have. This poses a security risk unless kept up-to-date. Your version of FireFox (3.0.1.5) is also outdated. This can also be a security risk and lead to browser instability. You should update to the latest version, but NOT until we are finished.

Please read these instructions carefully before executing, and then perform the steps in the order given. If you have any questions or problems executing these instructions, <<STOP>>, do not proceed; post back with the question or problem.

You may want to print these instructions, as you will be closing and re-opening your browser.

Step 1.
Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are serious security issues with older versions of Adobe Reader.
I'm not asking you to update the Adobe Acrobat installation... this can be quite costly. I am going to insist that you update your Adobe Reader software.
Then use the Reader for viewing PDF files... you can use the Acrobat software for your other needs.

Please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Please UNCHECK the box for the: Free McAfee Security Scan.
  1. Click the yellow "Download now"... button. If you don't already have Adobe DLM... you may receive a prompt...
  2. If prompted to install "Adobe DLM" This software is not a requirement to obtain the latest Adobe Reader software...so the choice is yours.
    The Adobe (DLM) Download Manager... allows you to "pick up where you left off", if your download process is interrupted. A good idea if you are using dial-up.
    If you choose to install Adobe DLM, it will start the download automatically. Adobe DLM software removal instructions available here...if wanted.
  3. If not using Adobe DLM...click on the highlighted "click here to download" text, to begin the Reader download.
    Save the file to your desktop.
    Uninstall OLD Adobe Reader
  4. Click on Start...then... Click the Start Search box on the Start Menu.
  5. Copy and paste control appwiz.cpl into the open text entry box.
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  6. Locate the following program(s):
    Adobe Reader 7.0.8
  7. Select the program and click on Uninstall to uninstall it.
  8. When finished... Close the Control Panel window.
    Install NEW Adobe Reader
  9. Click on the Adobe Acrobat Reader (AdbeRdrxx_en_US.exe) icon, on your desktop... to install the new (free) version.
    The Adobe Reader download file name will be different, depending on the language or OS chosen. xx in the name = version numbers.
  10. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  11. When the installation is complete... Close and re-open your Internet browser.

As an alternate to Adobe Reader, you could try the free (for personal use) Foxit-Reader. It's a smaller download and when installed, uses less resources than Adobe Reader. Note: Let me know if interested in Foxit-Reader and I will provide safe download and installation instructions.

Step 2.
OTM
  1. Please download OTM.exe...by Old Timer. Save it to your desktop.
  2. Right click on OTM.exe and select Run As Administrator to run it. If Windows UAC prompts, please allow it.
  3. Please copy and paste the text in the Code box below, into OTM (1).
    Please refer to the OTM screen image below, for reference.
    Warning: Do not type it out... errors could damage your machine.
    Code:
    :Processes
    :Files
    C:\Users\Owner\AppData\Roaming\LimeWire
    :Commands
    [EmptyTemp]
    [Start Explorer]
    [Reboot]

    Please refer to this image to use OTM.

    Image

  4. Click on MoveIt! (2)
  5. The end results of the processing will be in 2 places:
    • The Results window on the right side of the OTM screen.
    • A log (text) file created in "C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log"
  6. Copy all the text from the Results window... Open Notepad, paste the OTM results into the Notepad file, save it on your desktop.
  7. Click Exit (3) when done.
  8. Please paste the entire content from the OTM (Results) window (Notepad file) or the OTM log file, in your next reply.
NOTE: If your computer did not automatically reboot... please reboot it (normally) now!

Step 3.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.

Attention!
In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder , then...
  2. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTM scan results.
  3. RSIT log.txt and info.txt file contents
  4. Any problems with computer now?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Virus is Back

Unread postby Wingman » December 15th, 2009, 4:03 pm

3 Day Response
It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
Wingman
Admin/Teacher
 
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Virus is Back

Unread postby Tantraka » December 15th, 2009, 10:10 pm

Sorry for the late response; my internet went down about a day ago, so I haven't been able to get back to you. Sorry!
I will get the logs up as soon as possible (within 24 hours, most likely).
Tantraka
Regular Member
 
Posts: 25
Joined: January 3rd, 2009, 11:53 pm

Re: Virus is Back

Unread postby Tantraka » December 16th, 2009, 12:57 am

Whew, sorry for the late response again, but I got everything!
The computer is acting normally now, so hopefully it's clear of the virus, but here are the logs :)

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Users\Owner\AppData\Roaming\LimeWire\xml\data folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\xml folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\promotion folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\certificate folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\browser folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\Owner\AppData\Roaming\LimeWire folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 655637832 bytes
->Temporary Internet Files folder emptied: 648242 bytes
->Java cache emptied: 13826767 bytes
->FireFox cache emptied: 86910276 bytes
->Apple Safari cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1578489 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 24950267 bytes

Total Files Cleaned = 747.28 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12152009_222506

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-12-15 22:47:43
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 39 GB (13%) free of 295 GB
Total RAM: 2021 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:12 PM, on 12/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\notepad.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Users\Owner\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... P&M=GM5420
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... P&M=GM5420
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... P&M=GM5420
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\Windows\TEMP\E_S7017.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [EPSON NX410 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE /FU "C:\Windows\TEMP\E_S9088.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1553491668-2783746715-2578131821-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: lxbf_device - - C:\Windows\system32\lxbfcoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9309 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\User_Feed_Synchronization-{93C58487-1B04-4A3C-B209-304F778C35D1}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\google\BAE.dll [2006-02-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-12 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-11-18 182744]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-09-26 423424]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]
"NapsterShell"=C:\Program Files\Napster\napster.exe /systray []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-12-12 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-12-12 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-12-12 81920]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-02 303104]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-10 86960]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"dcmsvc"=C:\Program Files\dcmsvc\dcmsvc.exe [2009-04-07 30440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-12 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-10 218032]
"EPSON NX410 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE [2008-10-01 199680]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-10-05 2075384]
"EPSON NX410 Series (Copy 1)"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCA.EXE [2008-10-01 199680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
Warner Bros.lnk - C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-12-12 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-12-15 22:47:43 ----D---- C:\rsit
2009-12-15 21:57:51 ----D---- C:\Program Files\e-Sword
2009-12-15 21:57:51 ----D---- C:\Program Files\Common Files\EzTools
2009-12-15 20:24:13 ----HD---- C:\Program Files\Zero G Registry
2009-12-12 09:06:06 ----A---- C:\Windows\system32\javaws.exe
2009-12-12 09:06:06 ----A---- C:\Windows\system32\javaw.exe
2009-12-12 09:06:06 ----A---- C:\Windows\system32\java.exe
2009-12-12 09:06:06 ----A---- C:\Windows\system32\deploytk.dll
2009-12-12 09:01:28 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-12 09:01:23 ----A---- C:\Windows\system32\httpapi.dll
2009-12-11 18:19:19 ----D---- C:\Program Files\dcmsvc
2009-12-11 18:19:03 ----D---- C:\Users\Owner\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
2009-12-11 18:18:56 ----D---- C:\Program Files\Warner Bros. Digital Copy Manager
2009-12-11 18:18:53 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-12-09 22:47:54 ----D---- C:\Program Files\ESET
2009-12-09 22:40:37 ----D---- C:\_OTM
2009-12-09 17:12:46 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 17:12:32 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 17:12:31 ----A---- C:\Windows\system32\occache.dll
2009-12-09 17:12:30 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 17:12:29 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 17:12:26 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 17:12:25 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 17:12:24 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 17:12:23 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 17:12:22 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 17:12:21 ----A---- C:\Windows\system32\ieaksie.dll
2009-12-09 17:12:18 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 17:12:16 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 17:12:15 ----A---- C:\Windows\system32\mstime.dll
2009-12-09 17:12:13 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 17:11:29 ----A---- C:\Windows\system32\rastls.dll
2009-12-09 17:11:28 ----A---- C:\Windows\system32\raschap.dll
2009-12-05 21:39:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-05 21:10:23 ----D---- C:\Windows\ERDNT
2009-12-05 21:08:50 ----D---- C:\Program Files\ERUNT
2009-11-27 12:07:36 ----D---- C:\Program Files\PokerStars.NET
2009-11-26 18:11:10 ----D---- C:\Program Files\kill.switch
2009-11-25 09:48:47 ----A---- C:\Windows\system32\tzres.dll
2009-11-24 17:46:11 ----A---- C:\Windows\system32\msxml6.dll
2009-11-24 17:46:10 ----A---- C:\Windows\system32\msxml3.dll

======List of files/folders modified in the last 1 months======

2009-12-15 22:48:05 ----D---- C:\Windows\Temp
2009-12-15 22:47:18 ----D---- C:\Windows\Tasks
2009-12-15 22:45:15 ----RD---- C:\Program Files
2009-12-15 22:45:15 ----HD---- C:\ProgramData
2009-12-15 22:44:31 ----SHD---- C:\Config.Msi
2009-12-15 22:33:51 ----SHD---- C:\System Volume Information
2009-12-15 22:23:37 ----SHD---- C:\Windows\Installer
2009-12-15 22:23:28 ----D---- C:\Windows\system32\catroot2
2009-12-15 21:57:55 ----D---- C:\Windows\System32
2009-12-15 21:57:51 ----RSD---- C:\Windows\Fonts
2009-12-15 21:57:51 ----D---- C:\Program Files\Common Files
2009-12-15 20:24:14 ----D---- C:\Windows\Prefetch
2009-12-15 20:19:21 ----D---- C:\ProgramData\Adobe
2009-12-15 20:18:19 ----D---- C:\Program Files\Common Files\Adobe
2009-12-15 20:17:55 ----D---- C:\Program Files\Adobe
2009-12-15 17:57:37 ----D---- C:\Windows\inf
2009-12-15 17:57:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-15 15:23:59 ----D---- C:\ProgramData\Google Updater
2009-12-12 13:31:06 ----D---- C:\Windows\system32\drivers
2009-12-12 09:05:30 ----D---- C:\Program Files\Java
2009-12-12 09:03:50 ----D---- C:\Windows\winsxs
2009-12-12 09:03:18 ----D---- C:\Windows\system32\catroot
2009-12-11 18:17:46 ----D---- C:\Users\Owner\AppData\Roaming\Adobe
2009-12-10 03:40:44 ----D---- C:\Windows\rescache
2009-12-10 03:23:11 ----D---- C:\Windows\system32\en-US
2009-12-10 03:23:11 ----D---- C:\Program Files\Windows Mail
2009-12-10 03:23:11 ----D---- C:\Program Files\Internet Explorer
2009-12-10 03:06:52 ----D---- C:\ProgramData\Microsoft Help
2009-12-09 22:47:55 ----SD---- C:\Windows\Downloaded Program Files
2009-12-05 21:38:49 ----D---- C:\Program Files\Mozilla Firefox
2009-12-05 21:36:38 ----D---- C:\WINDOWS
2009-12-03 18:16:04 ----D---- C:\Windows\Minidump
2009-12-01 14:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-26 20:24:17 ----D---- C:\Program Files\Common Files\Steam
2009-11-26 18:09:55 ----D---- C:\Program Files\SystemRequirementsLab
2009-11-26 18:09:49 ----D---- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
2009-11-26 13:28:57 ----D---- C:\Downloads
2009-11-26 12:59:28 ----D---- C:\Program Files\Steam
2009-11-25 11:28:26 ----D---- C:\AeriaGames

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-29 8704]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-16 214912]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2006-10-30 44416]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2007-06-20 267264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608]
R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2008-08-09 5504]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-02 812032]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC); C:\Windows\system32\DRIVERS\xcbda.sys [2006-11-17 147328]
S3 2WIREPCP;2Wire USB; C:\Windows\system32\DRIVERS\2WirePCP.sys [2003-04-17 68672]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\User [2008-08-09 2]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HookProtect;HookProtect; \??\C:\STEPS\element\HookProtect.sys [2009-04-12 215552]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys []
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-18 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 XDva189;XDva189; \??\C:\Windows\system32\XDva189.sys []
S3 XDva214;XDva214; \??\C:\Windows\system32\XDva214.sys []
S3 XDva262;XDva262; \??\C:\Windows\system32\XDva262.sys []
S3 XDva288;XDva288; \??\C:\Windows\system32\XDva288.sys []
S3 XDva294;XDva294; \??\C:\Windows\system32\XDva294.sys []
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [2009-02-26 1547264]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880]
R2 lxbf_device;lxbf_device; C:\Windows\system32\lxbfcoms.exe [2007-04-24 537520]
R2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-06-29 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S2 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-26 320760]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-02-16 2736890]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-12-15 22:48:15

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Ace DivX Player v2.1-->"C:\Program Files\GustoSoft\Ace DivX Player\unins000.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Reader Korean Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5670-0000-7E8A45000001}
Adobe Shockwave Player-->C:\WINDOWS\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\System32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audiosurf Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12910
Audition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D281B1C-BF39-4893-B32A-EAB3B84BDE34}\setup.exe" -l0x9 -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Battlefield Heroes-->"C:\Program Files\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files\EA Games\Battlefield Heroes\Uninstall.xml"
Battleswarm: Field of Honor-->C:\Program Files\Reality Gap\Battleswarm\Uninstall.exe
Bejeweled 2 Deluxe-->"C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
BigFix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Blasterball 3-->"C:\Program Files\Gateway Games\Blasterball 3\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BrightShadow-->C:\Program Files\InstallShield Installation Information\{68A6DB8D-478D-41C9-BE5C-43B2C4E9C143}\setup.exe -runfromtemp -l0x0009 -removeonly
Browser Address Error Redirector-->regsvr32 /u /s "c:\google\BAE.dll"
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
Chuzzle Deluxe-->"C:\Program Files\Gateway Games\Chuzzle Deluxe\Uninstall.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
dcmsvc 1.0-->"C:\Program Files\dcmsvc\unins000.exe"
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61} /l1033
Diner Dash-->"C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"
DivX 4.12 Codec-->"C:\Program Files\DivXCodec\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dynasty Warriors 6-->MsiExec.exe /X{7506D1CD-B7FE-40C7-AE1F-FE8666361700}
EA SPORTS online 2008-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EPSON NX410 Series Printer Uninstall-->C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FINSFCA.EXE /R /APD /P:"EPSON NX410 Series"
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
e-Sword-->MsiExec.exe /I{5C0856B6-6260-4952-8FF5-C79C3FD3AA44}
FIFA 08-->MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
Finale Viewer 2008-->C:\Program Files\Finale Viewer 2008\uninstallFinViewer.exe
Free M4a to MP3 Converter 6.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
Frets On Fire-->"C:\Program Files\Frets on Fire\Uninstall.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameTracker Lite-->C:\Program Files\GameTracker\gametracker-uninst.exe
Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
Gateway Game Console-->"C:\Program Files\Gateway Games\Gateway Game Console\Uninstall.exe"
Gateway Recovery Center Installer-->MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Graboid Video 1.65-->C:\Program Files\Graboid\uninst.exe
Grand Fantasia-->C:\AeriaGames\GrandFantasia\Uninst.exe
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hunting Unlimited-->C:\Windows\IsUninst.exe -f"C:\Program Files\Hunting Unlimited\Uninst.isu"
ijji REACTOR-->"C:\Program Files\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Insurgency-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17700
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Management Engine Interface-->C:\Windows\system32\heciudlg.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) Viiv(TM) Software-->MsiExec.exe /X{26C610BF-761B-4209-BD6A-A0F1B73D6DDE} /qb!
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
JEOPARDY-->"C:\Program Files\Gateway Games\JEOPARDY\Uninstall.exe"
kill.switch-->C:\PROGRA~1\KILL~1.SWI\UNWISE.EXE C:\PROGRA~1\KILL~1.SWI\INSTALL.LOG
Killing Floor-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1250
K-Lite Codec Pack 3.2.5 Standard-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
Lexmark X6100 Series-->C:\Program Files\Lexmark X6100 Series\Install\x86\Uninst.exe
Madden NFL 08-->C:\Program Files\EA Sports\Madden NFL 08\EAUninstall.exe
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=12
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP4 Player -->C:\Program Files\MP4 Player\uninst.exe
MPlugin-->"C:\Program Files\InstallShield Installation Information\{6102D63A-9387-4FC8-98E4-181121F8C0BA}\setup.exe" -runfromtemp -l0x0009 -removeonly
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Musicnotes Player V1.23.1-->"C:\Program Files\Musicnotes\Player\unins000.exe"
Neffy 1,2,0,22-->C:\Program Files\Neffy\uninst.exe
Neo Steam : The Shattered Continent-->C:\Games\Neo Steam\uninst.exe
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Penguins!-->"C:\Program Files\Gateway Games\Penguins!\Uninstall.exe"
Plain Sight-->MsiExec.exe /I{A4957F2C-A8C1-4575-A5C7-78BCDA42A83A}
PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
Polar Bowler-->"C:\Program Files\Gateway Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\Gateway Games\Polar Golfer\Uninstall.exe"
Power2Go 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
SBC Yahoo! DSL Home Networking Installer-->C:\Program Files\2Wire\Uninstaller.exe
Scions Of Fate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA3C53B8-49B0-41CF-9D5C-D96A7FCBD029}\setup.exe" -l0x9 -removeonly
SCRABBLE-->"C:\Program Files\Gateway Games\SCRABBLE\Uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Smash Online 1.0-->C:\Gamigo Games\Smash Online\uninst.exe
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_HSF\UIU32m.exe -U -I*.INF
Soul of the Ultimate Nation-->C:\Program Files\InstallShield Installation Information\{4B22DD86-47B1-4454-BFF7-64FCA3D0631C}\setup.exe -runfromtemp -l0x0009 -removeonly
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
TalesRunner 1.58720081016-->C:\Program Files\gpotato\TalesRunner\uninst.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims Complete Collection-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\Setup.exe" -l0x9 -l0009
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Uniblue RegistryBooster 2009-->"C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Warner Bros. Digital Copy Manager-->msiexec /qb /x {0E6EC2D7-5C9B-28B7-C848-171EDACB9625}
Warner Bros. Digital Copy Manager-->MsiExec.exe /I{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}
Windows Driver Package - ViXS Systems Inc. ViXS PureTV-U (11/17/2006 6.2.77.1)-->C:\PROGRA~1\DIFX\2B7BF24833E54BA6\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\xcbda.inf_80d7a2b2\xcbda.inf
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WYDGLOBAL (remove only)-->"C:\GameNetworks\WYDGLOBAL\uninstall.exe"

=====HijackThis Backups=====

O4 - HKCU\..\Run: [ares vista] "C:\Program Files\Ares Vista\AresVista.exe" -h
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)

======Security center information======

AS: Windows Defender (disabled)

System event log

Computer Name: Phong-PC
Event Code: 7036
Message: The Security Center service entered the running state.
Record Number: 165801
Source Name: Service Control Manager
Time Written: 20091216044709.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 7036
Message: The Windows Media Center Service Launcher service entered the stopped state.
Record Number: 165802
Source Name: Service Control Manager
Time Written: 20091216044710.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 537
Message: A compatible Trusted Platform Module (TPM) Security Device cannot be found on this computer. TBS could not be started.
Record Number: 165803
Source Name: Microsoft-Windows-TBS
Time Written: 20091216044709.190524-000
Event Type: Information
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Phong-PC
Event Code: 7036
Message: The Windows Update service entered the running state.
Record Number: 165804
Source Name: Service Control Manager
Time Written: 20091216044713.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 7036
Message: The Google Software Updater service entered the stopped state.
Record Number: 165805
Source Name: Service Control Manager
Time Written: 20091216044808.000000-000
Event Type: Information
User:

Application event log

Computer Name: Phong-PC
Event Code: 0
Message:
Record Number: 38748
Source Name: iPod Service
Time Written: 20091216044639.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 0
Message:
Record Number: 38749
Source Name: gusvc
Time Written: 20091216044708.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 1
Message: The Windows Security Center Service has started.
Record Number: 38750
Source Name: SecurityCenter
Time Written: 20091216044709.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 0
Message:
Record Number: 38751
Source Name: gusvc
Time Written: 20091216044808.000000-000
Event Type: Information
User:

Computer Name: Phong-PC
Event Code: 0
Message:
Record Number: 38752
Source Name: DQLWinService
Time Written: 20091216044814.000000-000
Event Type: Information
User:

Security event log

Computer Name: Phong-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: PHONG-PC$
Account Domain: HOME
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x288
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 60759
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091212145940.251922-000
Event Type: Audit Success
User:

Computer Name: Phong-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: PHONG-PC$
Account Domain: HOME
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x288
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 60760
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091212145940.251922-000
Event Type: Audit Success
User:

Computer Name: Phong-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 60761
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091212145940.251922-000
Event Type: Audit Success
User:

Computer Name: Phong-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: PHONG-PC$
Account Domain: HOME
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x288
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 60762
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091212150011.242126-000
Event Type: Audit Success
User:

Computer Name: Phong-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: PHONG-PC$
Account Domain: HOME
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x288
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 60763
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091212150011.242126-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------
Tantraka
Regular Member
 
Posts: 25
Joined: January 3rd, 2009, 11:53 pm
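The "Security event log" section of the RSIT log above is a run of Windows audit records (4648, 4624, 4672) in a plain "Key: value" layout, with blank-line-separated sub-sections such as "Subject:" and "Process Information:". In this log every logon is SYSTEM, created by services.exe with logon type 5 (service), which is the benign pattern. The block below is an added example, not RSIT's own code and not posted by either participant: a small Python parser for that layout, followed by the two checks a responder would run over such records (explicit-credential logons from binaries outside the usual system set, and network or remote-interactive logons that arrive from a real source address). The set of expected logon processes, the sample records and their addresses are constructed for the example.

```python
"""Parse the "Security event log" section of an RSIT log.txt and flag odd logons.

Added example, not RSIT's own code nor part of the original posts. The record
layout (Computer Name / Event Code / Message ... Record Number / User, with
blank-line-separated sub-sections such as "Subject:") follows the log posted
above; the records in SAMPLE are constructed, not copied from a real machine.
"""
import re

FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ()/]*): ?(.*)$")
# Binaries that normally create logons on a Vista-era workstation (assumption).
EXPECTED_LOGON_PROCESSES = {r"c:\windows\system32\services.exe",
                            r"c:\windows\system32\winlogon.exe",
                            r"c:\windows\system32\svchost.exe"}

SAMPLE = r"""
Security event log

Computer Name: EXAMPLE-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Account Whose Credentials Were Used:
Account Name: SYSTEM

Process Information:
Process Name: C:\WINDOWS\System32\services.exe

This event is generated when a process attempts to log on an account by explicitly specifying that account's credentials.
Record Number: 1001
User:

Computer Name: EXAMPLE-PC
Event Code: 4648

Account Whose Credentials Were Used:
Account Name: Administrator

Process Information:
Process Name: C:\Users\Owner\AppData\Local\Temp\svchost.exe

Record Number: 1002
User:

Computer Name: EXAMPLE-PC
Event Code: 4624

Logon Type: 10

New Logon:
Account Name: Administrator

Network Information:
Workstation Name:
Source Network Address: 203.0.113.7

Record Number: 1003
User:

-----------------EOF-----------------
"""


def parse_rsit_events(text, heading="Security event log"):
    """Return one dict per record under `heading`; keys are "Key" or "Section/Key"."""
    if heading not in text:
        return []
    body = text.split(heading, 1)[1]
    # The section ends at the next "... event log" heading, a ===== banner or the EOF marker.
    body = re.split(r"\n\w+ event log\n|\n=+[^\n]*=+\n|-+EOF-+", body, maxsplit=1)[0]
    events, section, prev_blank = [], "", True
    for line in (ln.strip() for ln in body.splitlines()):
        if not line:
            section, prev_blank = "", True        # a blank line closes a sub-section
            continue
        m = FIELD_RE.match(line)                  # Windows' explanation text does not match
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "Computer Name":
                events.append({})                 # every record starts with this field
            if events and value == "" and prev_blank:
                section = key                     # "Subject:", "New Logon:", ...
            elif events:
                events[-1].setdefault(f"{section}/{key}" if section else key, value)
        prev_blank = False
    return events


def suspicious_logons(events):
    """Flag 4648 explicit-credential logons from unexpected binaries and 4624
    network (3) / remote-interactive (10) logons that carry a real source address."""
    findings = []
    for ev in events:
        code, rec = int(ev.get("Event Code", -1)), ev.get("Record Number", "?")
        proc = ev.get("Process Information/Process Name", "").lower()
        if code == 4648 and proc and proc not in EXPECTED_LOGON_PROCESSES:
            findings.append((rec, f"explicit-credential logon from {proc}"))
        if code == 4624:
            ltype = int(ev.get("Logon Type") or 0)
            src = ev.get("Network Information/Source Network Address", "-")
            if ltype in (3, 10) and src not in ("-", "", "127.0.0.1", "::1"):
                who = ev.get("New Logon/Account Name", "?")
                findings.append((rec, f"type {ltype} logon as {who} from {src}"))
    return findings


if __name__ == "__main__":
    for rec, why in suspicious_logons(parse_rsit_events(SAMPLE)):
        print(f"record {rec}: {why}")
```

To run it over a real RSIT log, read `C:\RSIT\log.txt` into `text` and call `parse_rsit_events(text)`; the same parser handles the "System event log" and "Application event log" sections by passing their heading. The expected-process set is deliberately short: add to it from your own baseline rather than broadening the check, since an explicit-credential logon from a binary under a user-writable path is exactly the case worth a second look.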

Re: Virus is Back

Unread postby Wingman » December 16th, 2009, 1:53 pm

Hi tantraka,
The computer acting normally... is a good thing. All your logs look good, so your computer appears to be malware free, at this time.
There are some items we need to clean up, so stay with me. Some tools we used are not for everyday use and should be removed.

As mentioned earlier, I strongly urge you to update your browsers, Internet Explorer and Firefox, to the most current versions (IE 8 and FF 3.5) to provide additional security and stability.
You should also update your Windows Vista OS to the latest service pack, SP2. This provides needed security updates for your system.


Some friendly advice... I also mentioned earlier that continuing to use P2P programs like Limewire, uTorrent, etc., will more than likely result in your machine becoming infected again. The files on these sites cannot be trusted and can bring some of the most malicious malware into your system.

Please read these instructions carefully before executing them, and then perform the steps in the order given. If you have any questions or problems executing these instructions, <<STOP>> do not proceed; post back with the question or problem.

Step 1.
Please locate and remove from your desktop:
GooredFix... program, folders, files, reports should be deleted.
SysProt ... program, folders, files, reports, should be deleted.

Step 2.
OTC
Let's perform some housekeeping and cleanup some of the tools we used.
Please download OTC.exe... by OldTimer. Save it to your desktop.
  1. Right click on OTC.exe and select Run As Administrator.
  2. Click on Allow, then click on CleanUp!.
  3. Click "Yes" to the Begin cleanup process? prompt.
  4. Click "Yes" ... when prompted to reboot the computer to remove files.
Your computer should restart automatically. If it doesn't, please do so manually.

Please follow these simple guidelines in order to help keep your computer more secure:

Create a System Restore Point
  1. Right-click on Computer ... select Properties.
  2. In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.
Now you have a clean restore point to use if you need to restore your system.

Perform Disk Cleanup
Let's do some housekeeping now...
Note: You have to have administrative rights to run Disk Cleanup for all users.
  1. Click the Vista Start... button. Type "disk" (without the quotes) in the Start Search text entry box.
  2. Double click the Disk Cleanup entry, from the matching program list.
  3. In the Disk Cleanup options...select "Files from all users on this computer"
    If the Disk Cleanup: Drive Selection dialog box appears:
    • Select the drive where Windows Vista is installed. (Normally, this would be C:\ drive)
    • Press the "OK"...button.
    Disk Cleanup will begin space saving calculations.
  4. When the calculations are finished... Press the More Options tab.
  5. In the "System Restore and Shadow Copies" section... select "Clean up" button.
  6. Press the "Delete"... button, at the "Are you sure..." prompt.
    Disk Cleanup will begin cleaning up old files and restore points.
  7. Exit Disk Cleanup.
This will remove all restore points except the one you just created.

Update your Antivirus programs and other security products regularly.
Avoid new threats that could infect your system. You can also check if any application updates are needed for your PC.
Secunia Software Inspector - Copyright © Secunia.
F-secure Health Check - Copyright © F-Secure Corporation.

Visit Microsoft often.
Keep on top of critical updates, as well as other updates for your computer.
Using Windows Update in Windows Vista
What is Windows Update?
Microsoft Update Home

You can try...some free programs, that will help improve your computer's security.
These kinds of protection programs (adware, spyware, etc...) tend to overlap in coverage.
Many feel that having a "layered" protection scheme, is beneficial. Each individual has to decide what works best for their situation.
There are many available...here are a few you can look into, if you want. :)

Malwarebytes' Anti-Malware
You already have this program installed. Download link provided for convenience.
This is a great program to run on a regular basis, just be sure to check for updates before running a scan.
Download it from Malwarebytes © Malwarebytes Corporation.
Tutorials are available for installing and running, Malwarebytes' Anti-Malware.
Powerful, easy to use and free. For real-time protection you will have to purchase the product.

Spybot Search and Destroy
Do not enable Spybot's Teatimer protection, if you have WinPatrol installed. System conflicts can occur.
Download it from © Safer Networking Ltd. Just choose a mirror and off you go.
A Spybot tutorial can be found Here.

SpywareBlaster
If using Internet Explorer 8 and using the SmartScreen Filter, do not install. It can inhibit browser performance.
Download it from © Javacool Software LLC.
A SpywareBlaster knowledgebase can be found Here.

WinPatrol
Do not install if you have installed Spybot Search & Destroy and enabled Teatimer protection. System conflicts can occur.
Download it from Copyright © BillP Studios
Information about how WinPatrol works, is available Here
(The free version of WinPatrol...does not provide any real-time protection)

Firetrust SiteHound
You can find information and download it from © Firetrust Ltd.

Read - stay informed.
Please check out these articles:
Tony Klein's "How did I get infected in the first place?"
How to prevent Malware: © miekiemoes - Microsoft MVP - Consumer Security.

Please let me know that you have performed the 2 steps posted and have seen the rest of this post.
Once I receive your reply, I will have this topic closed, as resolved.


Stay Safe! 8)
Wingman
Wingman
Admin/Teacher
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Virus is Back

Unread postby Tantraka » December 16th, 2009, 8:04 pm

I have yet to finish the steps due to a new concern, and I don't know why, as I've done nothing new to my computer. As I started to print a paper, a message from Avast popped up saying a virus had been detected, named C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FBA6FCA.DLL. I moved it to the chest, so hopefully it's all right. I'll go ahead and do the other steps within a day.
Thanks again :)
Tantraka
Regular Member
Posts: 25
Joined: January 3rd, 2009, 11:53 pm

Re: Virus is Back

Unread postby Wingman » December 17th, 2009, 11:01 am

Hi tantraka,

I believe this is a false positive, being experienced by other Epson printer users as well... have a look at the Avast forum post: http://forum.avast.com/index.php?topic=52281.0

Avast says they have "fixed" the issue and to rescan the file in the chest... the fix was reportedly part of the VPS 091216-1 update.
If you have not updated your version of Avast, I suggest you do so and check to see if you still get the warning.
Unfortunately, these types of things can happen with any AV product, especially those that use heuristic scanning as part of their protection.

If you still have issues with the file, you should report it to Avast, in the same forum referenced above.

Please perform the previously posted steps and let me know when this is done. :)

Thanks,
Wingman
Wingman
Admin/Teacher
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA