Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need help with trojan services

Post by Crozmo » October 10th, 2008, 11:18 am

Hello! I found out, after a few programs crashed, that I had a few strange services running. I tried disabling them and installing some antivirus to get rid of them, but I think due to the trojans I can't install any antivirus/spyware programs. I usually get an error message saying "corrupt installer".

When I booted in safe mode I was finally able to get a HJT log.

Please malware removal, rid my rig of trojans!

Edit: looking at my log, it seems the processes I'm talking about didn't show up, maybe because I disabled them.
Anyway, here they are: "afisicx service, mabidwe service, noytcyr service, perfs service, roytctm service, soxpeca service, tdydowkc service and wsldoekd service"





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:23, on 10.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Programfiler\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETTVERKSTJENESTE')
O13 - Gopher Prefix:
O23 - Service: Statustjeneste for ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 4290 bytes

I also ran Malwarebytes Anti-Malware and here are its results:

Malwarebytes' Anti-Malware 1.28
Database versjon: 1251
Windows 6.0.6001 Service Pack 1

10.10.2008 19:18:10
mbam-log-2008-10-10 (19-18-10).txt

Skanntype: Full Skann (C:\|D:\|)
Objekter skannet: 226176
Tid tilbakelagt: 39 minute(s), 1 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\perfs (Backdoor.Bot) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Windows\System32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Crozmo
Active Member
 
Posts: 3
Joined: October 10th, 2008, 11:14 am

Re: Need help with trojan services

Post by Shaba » October 13th, 2008, 4:11 am

Hi Crozmo

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Need help with trojan services

Post by Crozmo » October 13th, 2008, 12:35 pm

Logfile of random's system information tool 1.04 (written by random/random)
Run by Kristian at 2008-10-13 18:34:59
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 230 GB (75%) free of 305 GB
Total RAM: 6142 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:02, on 13.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.63\aaCenter.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Mirc\mIRC - English.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Users\Kristian\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Kristian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETTVERKSTJENESTE')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files (x86)\Adobe Media Player\Adobe Media Player.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6123 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"Ai Nap"=C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe [2008-05-09 1423360]
"QFan Help"=C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [2008-05-06 594432]
"Cpu Level Up help"=C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Media Player.lnk - C:\Program Files (x86)\Adobe Media Player\Adobe Media Player.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-10-13 18:34:59 ----D---- C:\rsit
2008-10-13 10:14:05 ----A---- C:\Windows\system32\javaws.exe
2008-10-13 10:14:05 ----A---- C:\Windows\system32\javaw.exe
2008-10-13 10:14:05 ----A---- C:\Windows\system32\java.exe
2008-10-13 10:13:36 ----D---- C:\Program Files (x86)\Java
2008-10-13 10:13:12 ----D---- C:\Program Files (x86)\Common Files\Java
2008-10-12 20:53:03 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-10-12 20:52:59 ----D---- C:\Users\Kristian\AppData\Roaming\Malwarebytes
2008-10-12 20:52:56 ----D---- C:\ProgramData\Malwarebytes
2008-10-12 20:52:55 ----D---- C:\Users\Kristian\AppData\Roaming\SUPERAntiSpyware.com
2008-10-12 20:52:55 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2008-10-12 20:52:55 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2008-10-12 20:19:48 ----D---- C:\ProgramData\Lavasoft
2008-10-12 20:19:48 ----D---- C:\Program Files (x86)\Lavasoft
2008-10-12 20:19:18 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-10-12 19:57:27 ----D---- C:\ProgramData\Adobe
2008-10-12 00:30:20 ----D---- C:\Users\Kristian\AppData\Roaming\Media Player Classic
2008-10-12 00:30:13 ----A---- C:\Windows\system32\unrar.dll
2008-10-12 00:30:13 ----A---- C:\Windows\avisplitter.ini
2008-10-12 00:30:12 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2008-10-12 00:30:12 ----A---- C:\Windows\system32\msvcr71.dll
2008-10-11 20:19:18 ----D---- C:\Program Files (x86)\Guitar Pro 5
2008-10-11 12:58:08 ----D---- C:\Program Files (x86)\Mirc
2008-10-11 12:48:13 ----D---- C:\Program Files (x86)\Microsoft
2008-10-11 12:47:22 ----D---- C:\Program Files (x86)\Common Files\Windows Live
2008-10-11 12:43:41 ----D---- C:\Program Files (x86)\Windows Live
2008-10-11 12:33:13 ----A---- C:\Windows\system32\pbsvc.exe
2008-10-11 12:15:15 ----D---- C:\Users\Kristian\AppData\Roaming\mIRC
2008-10-11 12:12:11 ----D---- C:\Program Files (x86)\HP
2008-10-11 04:45:52 ----D---- C:\ProgramData\Media Center Programs
2008-10-11 04:06:58 ----D---- C:\Users\Kristian\AppData\Roaming\Microsoft Games
2008-10-11 04:03:06 ----D---- C:\Program Files (x86)\Common Files\Microsoft Games
2008-10-11 03:51:06 ----D---- C:\Users\Kristian\AppData\Roaming\Macromedia
2008-10-11 03:51:05 ----D---- C:\Users\Kristian\AppData\Roaming\Adobe
2008-10-11 03:17:29 ----D---- C:\Program Files (x86)\Microsoft Games
2008-10-11 02:46:40 ----D---- C:\Program Files (x86)\Common Files\Steam
2008-10-11 02:43:40 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2008-10-11 02:40:29 ----D---- C:\Users\Kristian\AppData\Roaming\DAEMON Tools
2008-10-11 02:04:15 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-11 02:04:01 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-10-11 01:03:51 ----D---- C:\Windows\system32\Macromed
2008-10-11 01:03:36 ----D---- C:\ProgramData\Avira
2008-10-11 01:03:36 ----D---- C:\Program Files (x86)\Avira
2008-10-11 00:52:33 ----HD---- C:\inetpub
2008-10-11 00:51:11 ----A---- C:\Windows\system32\XAudio2_2.dll
2008-10-11 00:51:11 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2008-10-11 00:51:11 ----A---- C:\Windows\system32\xactengine3_2.dll
2008-10-11 00:51:10 ----A---- C:\Windows\system32\D3DX9_39.dll
2008-10-11 00:51:10 ----A---- C:\Windows\system32\d3dx10_39.dll
2008-10-11 00:51:10 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2008-10-11 00:51:09 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-10-11 00:51:09 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-10-11 00:51:08 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-10-11 00:51:08 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-10-11 00:51:07 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-10-11 00:51:07 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-10-11 00:51:06 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-10-11 00:51:05 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-10-11 00:51:05 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-10-11 00:51:04 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-10-11 00:51:03 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-10-11 00:51:03 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-10-11 00:51:01 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-10-11 00:50:59 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-10-11 00:50:58 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-10-11 00:50:58 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-10-11 00:50:58 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-10-11 00:50:55 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-10-11 00:50:54 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-10-11 00:50:54 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-10-11 00:50:53 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-10-11 00:50:52 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-10-11 00:50:52 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-10-11 00:50:51 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-10-11 00:50:51 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-10-11 00:50:50 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-10-11 00:50:49 ----A---- C:\Windows\system32\xinput1_3.dll
2008-10-11 00:50:44 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-10-11 00:50:43 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-10-11 00:50:43 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-10-11 00:50:42 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-10-11 00:50:39 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-10-11 00:50:37 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-10-11 00:50:36 ----A---- C:\Windows\system32\d3dx10.dll
2008-10-11 00:50:33 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-10-11 00:50:31 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-10-11 00:50:31 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-10-11 00:50:30 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-10-11 00:50:27 ----A---- C:\Windows\system32\xinput1_2.dll
2008-10-11 00:50:27 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-10-11 00:50:25 ----A---- C:\Windows\system32\xinput1_1.dll
2008-10-11 00:50:25 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-10-11 00:50:21 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-10-11 00:50:18 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-10-11 00:50:14 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-10-11 00:50:14 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-10-11 00:50:13 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-10-11 00:50:12 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-10-11 00:50:12 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-10-11 00:50:11 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-10-11 00:50:10 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-10-11 00:50:10 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-10-11 00:49:48 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2008-10-11 00:47:21 ----HD---- C:\Windows\msdownld.tmp
2008-10-11 00:47:19 ----D---- C:\Windows\system32\directx
2008-10-11 00:36:05 ----RA---- C:\Windows\system32\AsIO.dll
2008-10-11 00:36:03 ----D---- C:\Program Files (x86)\ASUS
2008-10-11 00:31:00 ----D---- C:\Users\Kristian\AppData\Roaming\ATI
2008-10-11 00:31:00 ----D---- C:\ProgramData\ATI
2008-10-11 00:30:34 ----D---- C:\Program Files (x86)\ATI Technologies
2008-10-11 00:25:44 ----D---- C:\Windows\Minidump
2008-10-11 00:22:03 ----D---- C:\Users\Kristian\AppData\Roaming\atitray
2008-10-11 00:18:16 ----D---- C:\Users\Kristian\AppData\Roaming\WinRAR
2008-10-11 00:17:37 ----D---- C:\Program Files (x86)\WinRAR
2008-10-11 00:16:43 ----D---- C:\Program Files (x86)\Foxit Software
2008-10-11 00:14:40 ----D---- C:\Torrent Downloads
2008-10-11 00:13:00 ----D---- C:\Program Files (x86)\uTorrent
2008-10-11 00:12:55 ----D---- C:\Users\Kristian\AppData\Roaming\uTorrent
2008-10-11 00:04:36 ----D---- C:\Program Files (x86)\Ray Adams
2008-10-10 23:57:41 ----HD---- C:\ATI
2008-10-10 23:50:40 ----A---- C:\Windows\system32\msshooks.dll
2008-10-10 23:50:40 ----A---- C:\Windows\system32\msscb.dll
2008-10-10 23:50:40 ----A---- C:\Windows\system32\mimefilt.dll
2008-10-10 23:50:39 ----A---- C:\Windows\system32\thawbrkr.dll
2008-10-10 23:50:39 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-10-10 23:50:39 ----A---- C:\Windows\system32\propsys.dll
2008-10-10 23:50:39 ----A---- C:\Windows\system32\propdefs.dll
2008-10-10 23:50:39 ----A---- C:\Windows\system32\offfilt.dll
2008-10-10 23:50:39 ----A---- C:\Windows\system32\msstrc.dll
2008-10-10 23:50:39 ----A---- C:\Windows\system32\mssprxy.dll
2008-10-10 23:50:39 ----A---- C:\Windows\system32\mssitlb.dll
2008-10-10 23:50:39 ----A---- C:\Windows\system32\msshsq.dll
2008-10-10 23:50:39 ----A---- C:\Windows\system32\korwbrkr.dll
2008-10-10 23:50:39 ----A---- C:\Windows\system32\chsbrkr.dll
2008-10-10 23:50:38 ----A---- C:\Windows\system32\xmlfilter.dll
2008-10-10 23:50:38 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-10-10 23:50:38 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-10-10 23:50:38 ----A---- C:\Windows\system32\rtffilt.dll
2008-10-10 23:50:38 ----A---- C:\Windows\system32\nlhtml.dll
2008-10-10 23:50:38 ----A---- C:\Windows\system32\mssvp.dll
2008-10-10 23:50:38 ----A---- C:\Windows\system32\mssrch.dll
2008-10-10 23:50:38 ----A---- C:\Windows\system32\mssphtb.dll
2008-10-10 23:50:38 ----A---- C:\Windows\system32\mssph.dll
2008-10-10 23:50:38 ----A---- C:\Windows\system32\msscntrs.dll
2008-10-10 23:50:38 ----A---- C:\Windows\system32\chtbrkr.dll
2008-10-10 23:50:37 ----A---- C:\Windows\system32\tquery.dll
2008-10-10 23:48:59 ----A---- C:\Windows\system32\tzres.dll
2008-10-10 23:48:09 ----A---- C:\Windows\system32\shell32.dll
2008-10-10 23:47:53 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-10-10 23:47:47 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-10-10 23:47:32 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-10-10 23:44:52 ----N---- C:\Windows\system32\vxblock.dll
2008-10-10 23:44:52 ----N---- C:\Windows\system32\pxwave.dll
2008-10-10 23:44:52 ----N---- C:\Windows\system32\pxsfs.dll
2008-10-10 23:44:52 ----N---- C:\Windows\system32\pxmas.dll
2008-10-10 23:44:52 ----N---- C:\Windows\system32\pxinsa64.exe
2008-10-10 23:44:52 ----N---- C:\Windows\system32\pxhpinst.exe
2008-10-10 23:44:52 ----N---- C:\Windows\system32\pxdrv.dll
2008-10-10 23:44:52 ----N---- C:\Windows\system32\pxcpya64.exe
2008-10-10 23:44:52 ----N---- C:\Windows\system32\pxafs.dll
2008-10-10 23:44:52 ----N---- C:\Windows\system32\px.dll
2008-10-10 23:44:51 ----D---- C:\Users\Kristian\AppData\Roaming\Winamp
2008-10-10 23:44:51 ----D---- C:\Program Files (x86)\Winamp
2008-10-10 23:42:20 ----D---- C:\Users\Kristian\AppData\Roaming\Opera
2008-10-10 23:42:16 ----D---- C:\Program Files (x86)\Opera
2008-10-10 23:41:51 ----SHD---- C:\Windows\Installer
2008-10-10 23:17:32 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-10-10 23:17:32 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2008-10-10 23:04:16 ----A---- C:\Windows\system32\srclient.dll
2008-10-10 23:04:16 ----A---- C:\Windows\system32\kbd106n.dll
2008-10-10 22:46:51 ----D---- C:\Program Files (x86)\Trend Micro
2008-10-10 22:42:57 ----RA---- C:\Windows\system32\CSVer.dll
2008-10-10 22:42:56 ----D---- C:\Program Files (x86)\Intel
2008-10-10 22:42:47 ----HD---- C:\Intel
2008-10-10 22:27:34 ----D---- C:\Games
2008-10-10 22:24:23 ----A---- C:\Windows\system32\dataclen.dll
2008-10-10 22:24:15 ----A---- C:\Windows\system32\es.dll
2008-10-10 22:24:09 ----A---- C:\Windows\system32\wshext.dll
2008-10-10 22:24:09 ----A---- C:\Windows\system32\wscript.exe
2008-10-10 22:24:09 ----A---- C:\Windows\system32\vbscript.dll
2008-10-10 22:24:09 ----A---- C:\Windows\system32\scrrun.dll
2008-10-10 22:24:09 ----A---- C:\Windows\system32\scrobj.dll
2008-10-10 22:24:09 ----A---- C:\Windows\system32\jscript.dll
2008-10-10 22:24:09 ----A---- C:\Windows\system32\cscript.exe
2008-10-10 22:24:04 ----A---- C:\Windows\system32\winipsec.dll
2008-10-10 22:24:04 ----A---- C:\Windows\system32\polstore.dll
2008-10-10 22:24:04 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-10-10 22:24:03 ----A---- C:\Windows\system32\gdi32.dll
2008-10-10 22:24:01 ----A---- C:\Windows\system32\inetcomm.dll
2008-10-10 22:23:56 ----A---- C:\Windows\system32\wmpeffects.dll
2008-10-10 22:23:55 ----A---- C:\Windows\system32\wshrm.dll
2008-10-10 22:23:01 ----A---- C:\Windows\system32\quartz.dll
2008-10-10 22:11:35 ----D---- C:\Windows\Panther
2008-10-10 22:11:21 ----SHD---- C:\Boot
2008-10-10 21:33:31 ----D---- C:\Windows\system32\Atheros_L1e
2008-10-10 21:33:28 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-10-10 21:30:27 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2008-10-10 21:26:55 ----A---- C:\Windows\Ascd_tmp.ini
2008-10-10 21:24:47 ----D---- C:\Users\Kristian\AppData\Roaming\Identities
2008-10-10 21:24:39 ----SD---- C:\Users\Kristian\AppData\Roaming\Microsoft
2008-10-10 21:24:39 ----D---- C:\Users\Kristian\AppData\Roaming\Media Center Programs
2008-10-10 21:23:06 ----SHD---- C:\Programfiler
2008-10-10 21:23:06 ----SHD---- C:\ProgramData\Start-meny
2008-10-10 21:23:06 ----SHD---- C:\ProgramData\Skrivebord
2008-10-10 21:23:06 ----SHD---- C:\ProgramData\Programdata
2008-10-10 21:23:06 ----SHD---- C:\ProgramData\Maler
2008-10-10 21:23:06 ----SHD---- C:\ProgramData\Favoritter
2008-10-10 21:23:06 ----SHD---- C:\ProgramData\Dokumenter
2008-10-10 21:22:48 ----D---- C:\Windows\Debug
2008-10-10 21:15:27 ----D---- C:\Windows\SoftwareDistribution
2008-10-10 21:12:34 ----D---- C:\Windows\Prefetch
2008-10-10 21:12:30 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2008-10-13 10:14:05 ----D---- C:\Windows\SysWOW64
2008-10-13 10:13:36 ----RD---- C:\Program Files (x86)
2008-10-13 10:13:12 ----D---- C:\Program Files (x86)\Common Files
2008-10-13 01:04:03 ----D---- C:\Windows\Temp
2008-10-13 00:14:34 ----HD---- C:\Windows
2008-10-12 23:53:23 ----RSD---- C:\Windows\assembly
2008-10-12 23:53:23 ----D---- C:\Windows\Microsoft.NET
2008-10-12 23:36:03 ----D---- C:\Windows\winsxs
2008-10-12 20:53:30 ----D---- C:\Windows\system32\drivers
2008-10-12 20:53:03 ----HD---- C:\ProgramData
2008-10-12 20:21:31 ----D---- C:\Windows\System32
2008-10-12 20:21:31 ----D---- C:\Windows\inf
2008-10-12 19:56:29 ----SD---- C:\Windows\Downloaded Program Files
2008-10-11 21:23:40 ----D---- C:\Windows\rescache
2008-10-11 20:19:18 ----RSD---- C:\Windows\Fonts
2008-10-11 12:48:37 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2008-10-11 12:46:41 ----SD---- C:\ProgramData\Microsoft
2008-10-11 05:12:22 ----D---- C:\Windows\Logs
2008-10-11 00:52:36 ----D---- C:\Windows\system32\migration
2008-10-11 00:52:35 ----D---- C:\Windows\system32\inetsrv
2008-10-11 00:52:34 ----D---- C:\Windows\system32\nb-NO
2008-10-11 00:19:13 ----D---- C:\Windows\PolicyDefinitions
2008-10-11 00:19:12 ----D---- C:\Windows\ehome
2008-10-10 23:58:27 ----RHD---- C:\Program Files
2008-10-10 22:29:53 ----D---- C:\Program Files (x86)\Windows Mail
2008-10-10 21:25:00 ----SHD---- C:\$Recycle.Bin
2008-10-10 21:24:38 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x64.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 usbaudio;USB-lyddriver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
S3 af37vtyo;af37vtyo; C:\Windows\system32\drivers\af37vtyo.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Tjenesteproxy for Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Klokkeproxy for Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Kvalitetsbehandlingsproxy for Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Tee/Sink-to-Sink-konverterer for Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-11 66872]
R3 aawservice;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe [2008-10-12 611664]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2008-10-11 87288]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------





info.txt logfile of random's system information tool 1.04 2008-10-13 18:35:03

======Uninstall list======

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
AI Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x9
Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -l0x9 -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Battlefield 2(TM)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Call of Duty 4: Modern Warfare-->"C:\Games\Steam\steam.exe" steam://uninstall/7940
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
Crysis Warhead-->"C:\Games\Steam\steam.exe" steam://uninstall/17330
Crysis Wars-->"C:\Games\Steam\steam.exe" steam://uninstall/17340
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
Gears of War-->C:\Program Files (x86)\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\setup.exe -runfromtemp -l0x0409
Guitar Pro 5.2-->"C:\Program Files (x86)\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.7 (Standard)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{20DEB77C-21D6-4D22-BB47-233E47613D57}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Opera 9.60-->MsiExec.exe /X{D2F5287E-5F0E-447B-9157-B08AA4E2AC76}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Beta (all programs)-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Beta (all programs)-->MsiExec.exe /I{5D4A033A-A286-44BE-A0F0-B05FAC25D07F}
Windows Live Call-->MsiExec.exe /I{78AC782A-C708-4B21-A3A0-ECD4A3284588}
Windows Live Messenger-->MsiExec.exe /X{B1403D7D-C725-4858-AACC-7E5FA2D72859}
Windows Live Sign-in Assistant-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------




I did format both my hard drives and reinstall Vista, because I had recently done it and had everything backed up, but I want to make sure I'm clean :)
Crozmo
Active Member
 
Posts: 3
Joined: October 10th, 2008, 11:14 am

Re: Need help with trojan services

Unread postby Shaba » October 13th, 2008, 12:51 pm

So did you reformat between those two logs?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Need help with trojan services

Unread postby Crozmo » October 13th, 2008, 2:13 pm

Yes, and I also removed 2 GB of 8 GB of RAM; for some reason, with all 8 GB in the computer, all setups would mystically become "corrupted". I haven't noticed anything unusual after the format. I got Avira antivirus and a few anti-spyware/adware programs to hopefully keep me safer.
Crozmo
Active Member
 
Posts: 3
Joined: October 10th, 2008, 11:14 am

Re: Need help with trojan services

Unread postby Shaba » October 13th, 2008, 2:29 pm

Thanks for the information.

We'll run one scan to ensure that you are clean:

Please go to the Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Need help with trojan services

Unread postby Shaba » October 18th, 2008, 4:42 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland