Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Suspicious Trojan Horse...

Post by tahayassen » October 5th, 2008, 10:50 pm

Hi! First, I'd like to say thanks for visiting my thread. Anyways, I'm almost 100% sure there's a backdoor trojan on my computer. Can you guys please help me? My anti-virus (AVG 8.0 Internet Security) is giving me pop-ups about different trojans in the C:/Windows/System32/Drivers directory.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:09 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sudowin\Server\Sudowin.Server.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ClipX\clipx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TrojanHunter\THGuard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ClipX] C:\Program Files\ClipX\clipx.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter\THGuard.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9908624796
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://hamburgcam.axiscam.net:8080/activex/AMC.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} (CAxMP4Dec Class) - http://64.21.226.243/activex/decoder/in ... g4_dec.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://64.21.226.243/activex/AMC.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (HPM) (RPCH) - Unknown owner - C:\Program Files\NetMeeting\nmwb.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Sudowin - l o s t c r e a t i o n s - C:\Program Files\Sudowin\Server\Sudowin.Server.exe

--
End of file - 9143 bytes

Thanks for all your help! :)

Re: Suspicious Trojan Horse...

Post by ktreffin » October 7th, 2008, 11:14 am

Hi tahayassen, Welcome to the forums!

My name is Ken, on these forums I am known as ktreffin. I will be helping you with your current problem. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:

Please make an Uninstall List using HiJackThis.


To access the Uninstall Manager you would do the following:
    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in a reply.

As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.

Lastly, please keep these points in mind:
  • If you have questions, please DON'T hesitate to ask!
  • The instructions I give are specific to your current problem and should not be used on other systems.
  • Please post your replies only to this topic, and please DO NOT start a new thread.
  • Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"

I am reviewing your log now, and will be back with you shortly. Thank you for your patience.

Ken

Re: Suspicious Trojan Horse...

Post by ktreffin » October 10th, 2008, 9:27 am

Hello

THREE DAY BUMP!

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Please let me know if there are any problems. Thanks!

Ken

Re: Suspicious Trojan Horse...

Post by tahayassen » October 10th, 2008, 4:40 pm

Hi,

I'm very sorry for my late response as I was very busy this week. Anyways, here is my uninstall list you requested:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3D Groove Playback Engine
802.11 USB Wireless LAN Adapter
AC Tool
AccessDiver v4.402
Acer Arcade
Acer eManager for Notebook
Acer eNetManagement
Acer ePowerManagement
Acer GridVista
Acrobat.com
Acrobat.com
ActivePerl 5.10.0 Build 1002
Ad-Aware 2007
Administrative Templates for Windows XP
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Algebrator 4.0
Apple Software Update
Applian FLV Player
ArcSoft PhotoStudio 5.5
Athan Basic 3.4
Avanquest update
AVG 8.0
AXIS Media Control
AXIS Media Control Embedded
Ben 10 Alien Force Bounty Hunters
blueMSX
Boson NetSim for CCNP 7.0
Boson NetSim for CCNP 7.0
Boson NetSim for CCNP BETA 3
Brother HL-2040
BSR Screen Recorder 4
Calculator Powertoy for Windows XP
Camtasia Studio 5
Canon CanoScan Toolbox 5.0
CanoScan 4400F
CanoScan 8600F
CCleaner (remove only)
Cheat Engine 5.4
Citrix Presentation Server Client - Web Only
ClipX
Codecs
Combat Arms
Digsby
DivX Codec
DivX Player
eBoostr 2
Fraps (remove only)
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hamachi 1.0.3.0
HDAUDIO Soft Voice Modem with SmartCP
Hex Workshop v5.1
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Java DB 10.3.1.4
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) SE Development Kit 6 Update 4
Launch Manager
Local Account Manager v2
Magic Video Converter 8.0.10.28
Malwarebytes' Anti-Malware
mCore
Messenger Plus! 3
Messenger Plus! Live
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
mMHouse
Motorola Phone Tools
Mozilla Firefox (3.0.3)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
nBinder
nBinder Limited
Notepad++
NTI Backup NOW! 4
NTI CD & DVD-Maker
PDF Settings
PowerArchiver 2009
PowerISO
PowerProducer
Presto! PageManager 7.15.14
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
RegistryFix v7.0
Rufus Maphack
ScanSoft OmniPage SE 4.0
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Sony Vegas Pro 8.0
SpeechRedist
Spybot - Search & Destroy
SpywareBlaster 4.1
Starcraft
StyleXP (remove only)
Sudo for Windows
SWiSH Max2
Synaptics Pointing Device Driver
System Requirements Lab
TrojanHunter 5.0
TuneXP 1.5
TunRat
Tweak UI
Unlocker 1.8.7
Unreal Tournament 2004
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb956080)
Windows Backup Utility
Windows Imaging Component
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Creativity Fun Packs - Windows Movie Maker 2
WinPcap 4.0.2
WinRAR archiver
WolfTeam International
XviD MPEG-4 Video Codec
ZD Soft Screen Recorder
ZD Soft Screen Video Decoder

Re: Suspicious Trojan Horse...

Post by ktreffin » October 10th, 2008, 7:16 pm

Thanks for the uninstall list. Seeing it has been a few days, can you please post a new updated HijackThis log?

Thanks,
Ken

Edit: to fix spelling...oops! :oops:

Re: Suspicious Trojan Horse...

Post by tahayassen » October 10th, 2008, 8:00 pm

:) Ok, here's the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:49 PM, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\Program Files\TRENDnet\TEW-424UB\Logon.tmp
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ClipX\clipx.exe
C:\Program Files\TrojanHunter\THGuard.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executor\executor.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Taha\Desktop\HiJackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ClipX] C:\Program Files\ClipX\clipx.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter\THGuard.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\executor.exe" -s
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9908624796
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://hamburgcam.axiscam.net:8080/activex/AMC.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} (CAxMP4Dec Class) - http://64.21.226.243/activex/decoder/in ... g4_dec.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://64.21.226.243/activex/AMC.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (HPM) (RPCH) - Unknown owner - C:\Program Files\NetMeeting\nmwb.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Sudowin - Unknown owner - C:\Program Files\Sudowin\Server\Sudowin.Server.exe (file missing)

--
End of file - 9363 bytes

Re: Suspicious Trojan Horse...

Post by ktreffin » October 10th, 2008, 8:37 pm

Thanks! Now we can get started. :) The good news is I am not seeing much in your HijackThis log right now. I would like to get a couple of different logs and see what we can find. Before we begin, I need to stress some important points to you.

  • Some of the instructions I will provide may get quite long. I highly recommend that you print a copy of them off or copy them into Notepad.
  • If at any time you have questions, please DON'T hesitate to ask!
  • Please keep in mind that the instructions I give are specific to your current problem and should not be used on other systems.
  • Also, please remember that there may be multiple issues with your system; please continue to follow this thread until I have given you an "All Clean!"

Ready? Let's go....

Step #1: Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

*===============================================*

Step #2: Download and Run Random's System Information Tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

*===============================================*

Step #3: Things to put in your next reply

Please post the following in your next reply:
  • Contents of the Malwarebytes' Anti-Malware Log
  • Contents of both of the RSIT logs (log.txt and info.txt)

Thanks,
Ken
ktreffin

Re: Suspicous Trojan Horse...

Post by tahayassen » October 11th, 2008, 7:44 pm

Hi,

Sorry if I don't reply. I am quite busy, and please do not put me on top of your priority list. I'm not sure if you guys help more than one person at a time, but if you do, please try to give more priority to someone else. I am currently following your instructions.

Thanks,

Taha
tahayassen

Re: Suspicous Trojan Horse...

Post by ktreffin » October 11th, 2008, 8:33 pm

That's no problem. Whenever you get them done is fine.

Thanks for letting me know.
Ken
ktreffin

Re: Suspicous Trojan Horse...

Post by tahayassen » October 11th, 2008, 9:53 pm

Ok, I finally got to complete the instructions you provided me. It found a rootkit, and a few trojan horses. As I suspected, in my drivers directory. They're in the quarantine; should I remove them from the quarantine?

Here is the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.28
Database version: 1259
Windows 5.1.2600 Service Pack 2

10/11/2008 9:30:56 PM
mbam-log-2008-10-11 (21-30-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 227496
Time elapsed: 1 hour(s), 42 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\IsDrv122.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt (Trojan.Extension.Exploit) -> Delete on reboot.
C:\WINDOWS\Temp\dbg_RA_proc.txt (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\T30DebugLogFile.txt (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\RunAsAdmin\Local Settings\temp\wecerr.txt (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wafa\Desktop\ActualTests+-+A++Hardware+-+CompTIA+220-301.pdf (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ahmad\Desktop\Temp Arabic Hmwk.pdf (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wafa\Desktop\rasha.doc (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
----------------------------------------------------------------------

Here is my log.txt from RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by RunAs at 2008-10-11 21:45:07
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 6 GB (16%) free of 36 GB
Total RAM: 502 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:57 PM, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\Program Files\TRENDnet\TEW-424UB\Logon.tmp
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Taha\Desktop\RSIT.exe
C:\Documents and Settings\Taha\Desktop\RunAs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ClipX] C:\Program Files\ClipX\clipx.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter\THGuard.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\executor.exe" -s
O4 - HKUS\S-1-5-21-919744946-3282351654-3696749691-1011\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User 'Taha')
O4 - HKUS\S-1-5-21-919744946-3282351654-3696749691-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Taha')
O4 - HKUS\S-1-5-21-919744946-3282351654-3696749691-1011\..\Run: [Executor] "C:\Program Files\Executor\Executor.exe" -s (User 'Taha')
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9908624796
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://hamburgcam.axiscam.net:8080/activex/AMC.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} (CAxMP4Dec Class) - http://64.21.226.243/activex/decoder/in ... g4_dec.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://64.21.226.243/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66BC6E7A-03B9-407C-AEEE-341E1FD7337E}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C80AA87E-4C28-4B5E-AF5D-8165D1DA2F33}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (HPM) (RPCH) - Unknown owner - C:\Program Files\NetMeeting\nmwb.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Sudowin - Unknown owner - C:\Program Files\Sudowin\Server\Sudowin.Server.exe (file missing)

--
End of file - 9386 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-07-25 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-09 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-08-31 193136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll [2008-08-31 651760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
CoTGT_BHO Class - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-09 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-08-31 193136]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-09 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"epm-dm"=c:\acer\epm\epm-dm.exe [2005-08-11 200704]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-07-25 1235736]
"ClipX"=C:\Program Files\ClipX\clipx.exe [2005-11-30 68608]
"THGuard"=C:\Program Files\TrojanHunter\THGuard.exe [2008-03-25 1047712]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-10-08 4608]
"Executor"=C:\Program Files\Executor\executor.exe [2008-05-19 1052672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
C:\Program Files\Athan\Athan.exe [2008-08-17 1069056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM]
c:\acer\epm\epm-dm.exe [2005-08-11 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
C:\Acer\ePM\ePM.exe [2005-03-15 2893824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Program Files\Acer\eRecovery\Monitor.exe [2005-08-18 352256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2005-08-19 462848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Acer\Acer Arcade\PCMService.exe [2005-08-11 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2005-08-09 14743552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-08 688218]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-08 98394]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Serials 2000 8.1 SR-2.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
eBoostr Control Panel.lnk - C:\Program Files\eBoostr\eBoostrCP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-04-30 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Softnyx\WolfTeam\Wolfteam.bin"="C:\Program Files\Softnyx\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.txt - open -

======List of files/folders created in the last 1 months======

2008-10-11 21:45:07 ----DC---- C:\rsit
2008-10-10 16:43:14 ----D---- C:\Documents and Settings\RunAs\Application Data\Executor
2008-10-10 16:43:07 ----D---- C:\Program Files\Executor
2008-10-09 21:50:08 ----D---- C:\Documents and Settings\RunAs\Application Data\Digsby
2008-10-09 21:41:09 ----D---- C:\Program Files\Digsby
2008-10-08 17:56:25 ----A---- C:\WINDOWS\system32\_AxShlEx.dll
2008-10-08 17:31:44 ----D---- C:\Program Files\Alcohol Soft
2008-10-08 16:50:42 ----D---- C:\Documents and Settings\RunAs\Application Data\TeamViewer
2008-10-07 18:00:42 ----D---- C:\Documents and Settings\RunAs\Application Data\Google
2008-10-07 17:57:54 ----D---- C:\Documents and Settings\RunAs\Application Data\AVGTOOLBAR
2008-10-06 21:29:20 ----D---- C:\Program Files\Port Forwarding Wizard
2008-10-06 19:58:38 ----D---- C:\Documents and Settings\RunAs\Application Data\Sun
2008-10-06 19:36:13 ----D---- C:\Documents and Settings\RunAs\Application Data\WinRAR
2008-10-06 19:34:10 ----D---- C:\Documents and Settings\RunAs\Application Data\Macromedia
2008-10-06 19:32:00 ----D---- C:\Documents and Settings\RunAs\Application Data\Mozilla
2008-10-06 19:30:19 ----ASH---- C:\Documents and Settings\RunAs\Application Data\desktop.ini
2008-10-06 19:30:18 ----SD---- C:\Documents and Settings\RunAs\Application Data\Microsoft
2008-10-06 19:30:18 ----D---- C:\Documents and Settings\RunAs\Application Data\Identities
2008-10-06 19:30:18 ----D---- C:\Documents and Settings\RunAs\Application Data\Adobe
2008-10-06 16:57:35 ----D---- C:\Program Files\Local Account Manager
2008-10-05 22:44:46 ----SHDC---- C:\RECYCLER
2008-10-05 22:19:03 ----AC---- C:\ComboFix.txt
2008-10-04 17:44:56 ----A---- C:\WINDOWS\system32\BnetLog.txt
2008-10-04 12:27:23 ----A---- C:\WINDOWS\ScUnin.exe
2008-10-04 12:26:45 ----D---- C:\Program Files\Starcraft
2008-10-03 20:01:03 ----DC---- C:\.jagex_cache_32
2008-10-02 09:44:29 ----D---- C:\Program Files\Halo
2008-10-01 23:00:45 ----D---- C:\Documents and Settings\All Users\Application Data\ConeXware
2008-10-01 22:59:42 ----D---- C:\Program Files\PowerArchiver
2008-10-01 18:27:53 ----D---- C:\Program Files\SystemRequirementsLab
2008-10-01 17:29:45 ----D---- C:\Program Files\Microsoft Group Policy
2008-10-01 17:26:18 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-01 16:47:17 ----A---- C:\WINDOWS\system32\gptext.dll
2008-10-01 16:47:17 ----A---- C:\WINDOWS\system32\gpedit.msc
2008-10-01 16:47:17 ----A---- C:\WINDOWS\system32\gpedit.dll
2008-10-01 16:47:17 ----A---- C:\WINDOWS\system32\fdeploy.dll
2008-10-01 16:47:17 ----A---- C:\WINDOWS\system32\fde.dll
2008-10-01 16:47:17 ----A---- C:\WINDOWS\system32\appmgr.dll
2008-10-01 16:47:17 ----A---- C:\WINDOWS\system32\appmgmts.dll
2008-10-01 16:40:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-01 07:53:49 ----D---- C:\WINDOWS\Prefetch
2008-10-01 07:40:02 ----D---- C:\Program Files\Messenger
2008-10-01 07:39:50 ----A---- C:\WINDOWS\system32\SET108F.tmp
2008-10-01 07:39:47 ----A---- C:\WINDOWS\system32\SET106C.tmp
2008-10-01 07:39:41 ----A---- C:\WINDOWS\system32\SET102C.tmp
2008-10-01 07:39:39 ----D---- C:\WINDOWS\system32\scripting
2008-10-01 07:39:38 ----D---- C:\WINDOWS\l2schemas
2008-10-01 07:39:37 ----D---- C:\WINDOWS\system32\en
2008-10-01 07:39:36 ----D---- C:\WINDOWS\system32\bits
2008-10-01 07:35:46 ----A---- C:\WINDOWS\SET486.tmp
2008-10-01 07:35:42 ----A---- C:\WINDOWS\system32\SET460.tmp
2008-10-01 07:35:42 ----A---- C:\WINDOWS\system32\SET45E.tmp
2008-10-01 07:35:41 ----A---- C:\WINDOWS\system32\SET45C.tmp
2008-10-01 07:35:41 ----A---- C:\WINDOWS\system32\SET455.tmp
2008-10-01 07:35:40 ----A---- C:\WINDOWS\system32\SET450.tmp
2008-10-01 07:35:40 ----A---- C:\WINDOWS\system32\SET44E.tmp
2008-10-01 07:35:40 ----A---- C:\WINDOWS\system32\SET44A.tmp
2008-10-01 07:35:39 ----A---- C:\WINDOWS\system32\SET446.tmp
2008-10-01 07:35:39 ----A---- C:\WINDOWS\system32\SET442.tmp
2008-10-01 07:35:38 ----A---- C:\WINDOWS\system32\SET441.tmp
2008-10-01 07:35:38 ----A---- C:\WINDOWS\system32\SET440.tmp
2008-10-01 07:35:36 ----A---- C:\WINDOWS\system32\SET434.tmp
2008-10-01 07:35:35 ----A---- C:\WINDOWS\system32\SET42A.tmp
2008-10-01 07:35:35 ----A---- C:\WINDOWS\system32\SET423.tmp
2008-10-01 07:35:33 ----A---- C:\WINDOWS\system32\SET415.tmp
2008-10-01 07:35:32 ----A---- C:\WINDOWS\system32\SET410.tmp
2008-10-01 07:35:32 ----A---- C:\WINDOWS\system32\SET40E.tmp
2008-10-01 07:35:31 ----A---- C:\WINDOWS\system32\SET40D.tmp
2008-10-01 07:35:31 ----A---- C:\WINDOWS\system32\SET40B.tmp
2008-10-01 07:35:31 ----A---- C:\WINDOWS\system32\SET408.tmp
2008-10-01 07:35:30 ----A---- C:\WINDOWS\system32\SET407.tmp
2008-10-01 07:35:30 ----A---- C:\WINDOWS\system32\SET406.tmp
2008-10-01 07:35:30 ----A---- C:\WINDOWS\system32\SET404.tmp
2008-10-01 07:35:29 ----A---- C:\WINDOWS\system32\SET403.tmp
2008-10-01 07:35:29 ----A---- C:\WINDOWS\system32\SET402.tmp
2008-10-01 07:35:28 ----A---- C:\WINDOWS\system32\SET3FB.tmp
2008-10-01 07:35:24 ----A---- C:\WINDOWS\system32\SET3CE.tmp
2008-10-01 07:35:22 ----A---- C:\WINDOWS\system32\SET3BB.tmp
2008-10-01 07:35:20 ----A---- C:\WINDOWS\system32\SET3B0.tmp
2008-10-01 07:35:18 ----A---- C:\WINDOWS\system32\SET3A2.tmp
2008-10-01 07:35:18 ----A---- C:\WINDOWS\system32\SET3A0.tmp
2008-10-01 07:35:17 ----A---- C:\WINDOWS\system32\SET39A.tmp
2008-10-01 07:35:16 ----A---- C:\WINDOWS\system32\SET392.tmp
2008-10-01 07:35:14 ----A---- C:\WINDOWS\system32\SET37F.tmp
2008-10-01 07:35:12 ----A---- C:\WINDOWS\system32\SET371.tmp
2008-10-01 07:35:12 ----A---- C:\WINDOWS\system32\SET36B.tmp
2008-10-01 07:35:10 ----A---- C:\WINDOWS\system32\SET360.tmp
2008-10-01 07:35:10 ----A---- C:\WINDOWS\system32\SET35A.tmp
2008-10-01 07:35:09 ----A---- C:\WINDOWS\system32\SET357.tmp
2008-10-01 07:35:08 ----A---- C:\WINDOWS\system32\SET34E.tmp
2008-10-01 07:35:08 ----A---- C:\WINDOWS\system32\SET34C.tmp
2008-10-01 07:35:05 ----A---- C:\WINDOWS\system32\SET32F.tmp
2008-10-01 07:35:05 ----A---- C:\WINDOWS\system32\SET32A.tmp
2008-10-01 07:35:04 ----A---- C:\WINDOWS\system32\SET327.tmp
2008-10-01 07:35:04 ----A---- C:\WINDOWS\system32\SET325.tmp
2008-10-01 07:35:03 ----A---- C:\WINDOWS\system32\SET31E.tmp
2008-10-01 07:35:02 ----A---- C:\WINDOWS\system32\SET316.tmp
2008-10-01 07:35:01 ----A---- C:\WINDOWS\system32\SET30D.tmp
2008-10-01 07:35:00 ----A---- C:\WINDOWS\system32\SET302.tmp
2008-10-01 07:34:59 ----A---- C:\WINDOWS\system32\SET2FC.tmp
2008-10-01 07:34:59 ----A---- C:\WINDOWS\system32\SET2FB.tmp
2008-10-01 07:34:58 ----A---- C:\WINDOWS\system32\SET2F9.tmp
2008-10-01 07:34:58 ----A---- C:\WINDOWS\system32\SET2F7.tmp
2008-10-01 07:34:58 ----A---- C:\WINDOWS\system32\SET2F4.tmp
2008-10-01 07:34:57 ----A---- C:\WINDOWS\system32\SET2F3.tmp
2008-10-01 07:34:57 ----A---- C:\WINDOWS\system32\SET2F0.tmp
2008-10-01 07:34:57 ----A---- C:\WINDOWS\system32\SET2EF.tmp
2008-10-01 07:34:56 ----A---- C:\WINDOWS\system32\SET2EE.tmp
2008-10-01 07:34:56 ----A---- C:\WINDOWS\system32\SET2EC.tmp
2008-10-01 07:34:55 ----A---- C:\WINDOWS\system32\SET2E2.tmp
2008-10-01 07:34:54 ----A---- C:\WINDOWS\system32\SET2DF.tmp
2008-10-01 07:34:54 ----A---- C:\WINDOWS\system32\SET2DB.tmp
2008-10-01 07:34:54 ----A---- C:\WINDOWS\system32\SET2DA.tmp
2008-10-01 07:34:53 ----A---- C:\WINDOWS\system32\SET2D9.tmp
2008-10-01 07:34:53 ----A---- C:\WINDOWS\system32\SET2D8.tmp
2008-10-01 07:34:53 ----A---- C:\WINDOWS\system32\SET2D6.tmp
2008-10-01 07:34:53 ----A---- C:\WINDOWS\system32\SET2D4.tmp
2008-10-01 07:34:52 ----A---- C:\WINDOWS\system32\SET2D0.tmp
2008-10-01 07:34:52 ----A---- C:\WINDOWS\system32\SET2CF.tmp
2008-10-01 07:34:52 ----A---- C:\WINDOWS\system32\SET2CC.tmp
2008-10-01 07:34:51 ----A---- C:\WINDOWS\system32\SET2C6.tmp
2008-10-01 07:34:51 ----A---- C:\WINDOWS\system32\SET2C5.tmp
2008-10-01 07:34:50 ----N---- C:\WINDOWS\system32\SET2C1.tmp
2008-10-01 07:34:50 ----A---- C:\WINDOWS\system32\SET2C2.tmp
2008-10-01 07:34:49 ----A---- C:\WINDOWS\system32\SET2BB.tmp
2008-10-01 07:34:48 ----A---- C:\WINDOWS\system32\SET2B8.tmp
2008-10-01 07:34:47 ----A---- C:\WINDOWS\system32\SET2AF.tmp
2008-10-01 07:34:46 ----A---- C:\WINDOWS\system32\SET2AE.tmp
2008-10-01 07:34:46 ----A---- C:\WINDOWS\system32\SET2A8.tmp
2008-10-01 07:34:45 ----A---- C:\WINDOWS\system32\SET2A7.tmp
2008-10-01 07:34:45 ----A---- C:\WINDOWS\system32\SET2A4.tmp
2008-10-01 07:34:45 ----A---- C:\WINDOWS\system32\SET2A3.tmp
2008-10-01 07:34:44 ----A---- C:\WINDOWS\system32\SET2A1.tmp
2008-10-01 07:34:43 ----A---- C:\WINDOWS\system32\SET29E.tmp
2008-10-01 07:34:43 ----A---- C:\WINDOWS\system32\SET29C.tmp
2008-10-01 07:34:43 ----A---- C:\WINDOWS\system32\SET29B.tmp
2008-10-01 07:34:42 ----A---- C:\WINDOWS\system32\SET29A.tmp
2008-10-01 07:34:42 ----A---- C:\WINDOWS\system32\SET295.tmp
2008-10-01 07:34:42 ----A---- C:\WINDOWS\system32\SET294.tmp
2008-10-01 07:34:41 ----A---- C:\WINDOWS\system32\SET293.tmp
2008-10-01 07:34:41 ----A---- C:\WINDOWS\system32\SET28E.tmp
2008-10-01 07:34:40 ----A---- C:\WINDOWS\system32\SET289.tmp
2008-10-01 07:34:40 ----A---- C:\WINDOWS\system32\SET288.tmp
2008-10-01 07:34:40 ----A---- C:\WINDOWS\system32\SET287.tmp
2008-10-01 07:34:39 ----A---- C:\WINDOWS\system32\SET285.tmp
2008-10-01 07:34:39 ----A---- C:\WINDOWS\system32\SET284.tmp
2008-10-01 07:34:39 ----A---- C:\WINDOWS\system32\SET283.tmp
2008-10-01 07:34:39 ----A---- C:\WINDOWS\system32\SET281.tmp
2008-10-01 07:34:39 ----A---- C:\WINDOWS\system32\SET280.tmp
2008-10-01 07:34:38 ----A---- C:\WINDOWS\system32\SET27F.tmp
2008-10-01 07:34:38 ----A---- C:\WINDOWS\system32\SET27E.tmp
2008-10-01 07:34:38 ----A---- C:\WINDOWS\system32\SET27D.tmp
2008-10-01 07:34:38 ----A---- C:\WINDOWS\system32\SET27A.tmp
2008-10-01 07:34:37 ----A---- C:\WINDOWS\system32\SET279.tmp
2008-10-01 07:34:36 ----A---- C:\WINDOWS\system32\SET272.tmp
2008-10-01 07:34:36 ----A---- C:\WINDOWS\system32\SET271.tmp
2008-10-01 07:34:33 ----A---- C:\WINDOWS\system32\SET25A.tmp
2008-10-01 07:34:33 ----A---- C:\WINDOWS\system32\SET258.tmp
2008-10-01 07:34:33 ----A---- C:\WINDOWS\system32\SET255.tmp
2008-10-01 07:34:31 ----A---- C:\WINDOWS\system32\SET246.tmp
2008-10-01 07:34:30 ----A---- C:\WINDOWS\system32\SET245.tmp
2008-10-01 07:34:30 ----A---- C:\WINDOWS\system32\SET244.tmp
2008-10-01 07:34:30 ----A---- C:\WINDOWS\system32\SET240.tmp
2008-10-01 07:34:28 ----A---- C:\WINDOWS\system32\SET234.tmp
2008-10-01 07:34:28 ----A---- C:\WINDOWS\system32\SET22E.tmp
2008-10-01 07:34:27 ----A---- C:\WINDOWS\system32\SET22A.tmp
2008-10-01 07:34:27 ----A---- C:\WINDOWS\system32\SET229.tmp
2008-10-01 07:34:26 ----A---- C:\WINDOWS\system32\SET228.tmp
2008-10-01 07:34:26 ----A---- C:\WINDOWS\system32\SET222.tmp
2008-10-01 07:34:25 ----A---- C:\WINDOWS\system32\SET21A.tmp
2008-10-01 07:34:25 ----A---- C:\WINDOWS\system32\SET219.tmp
2008-10-01 07:34:24 ----A---- C:\WINDOWS\system32\SET211.tmp
2008-10-01 07:34:23 ----A---- C:\WINDOWS\system32\SET20D.tmp
2008-10-01 07:34:23 ----A---- C:\WINDOWS\system32\SET208.tmp
2008-10-01 07:34:23 ----A---- C:\WINDOWS\system32\SET207.tmp
2008-10-01 07:34:22 ----A---- C:\WINDOWS\system32\SET204.tmp
2008-10-01 07:34:19 ----A---- C:\WINDOWS\system32\SET203.tmp
2008-10-01 07:34:19 ----A---- C:\WINDOWS\system32\SET200.tmp
2008-10-01 07:34:18 ----A---- C:\WINDOWS\system32\SET1FE.tmp
2008-10-01 07:34:18 ----A---- C:\WINDOWS\system32\SET1F9.tmp
2008-10-01 07:34:17 ----A---- C:\WINDOWS\system32\SET1F3.tmp
2008-10-01 07:34:16 ----A---- C:\WINDOWS\system32\SET1ED.tmp
2008-10-01 07:34:16 ----A---- C:\WINDOWS\system32\SET1E7.tmp
2008-10-01 07:34:15 ----A---- C:\WINDOWS\system32\SET1E6.tmp
2008-10-01 07:34:15 ----A---- C:\WINDOWS\system32\SET1E5.tmp
2008-10-01 07:34:15 ----A---- C:\WINDOWS\system32\SET1E2.tmp
2008-10-01 07:34:12 ----A---- C:\WINDOWS\system32\SET1CE.tmp
2008-10-01 07:34:12 ----A---- C:\WINDOWS\system32\SET1CD.tmp
2008-10-01 07:34:11 ----A---- C:\WINDOWS\system32\SET1C6.tmp
2008-10-01 07:34:10 ----A---- C:\WINDOWS\system32\SET1BF.tmp
2008-10-01 07:34:10 ----A---- C:\WINDOWS\system32\SET1BE.tmp
2008-10-01 07:34:08 ----A---- C:\WINDOWS\system32\SET1B2.tmp
2008-10-01 07:34:08 ----A---- C:\WINDOWS\system32\SET1AF.tmp
2008-10-01 07:34:08 ----A---- C:\WINDOWS\system32\SET1AE.tmp
2008-10-01 07:34:08 ----A---- C:\WINDOWS\system32\SET1AD.tmp
2008-10-01 07:34:07 ----A---- C:\WINDOWS\system32\SET1A5.tmp
2008-10-01 07:34:06 ----A---- C:\WINDOWS\system32\SET1A4.tmp
2008-10-01 07:34:06 ----A---- C:\WINDOWS\system32\SET1A1.tmp
2008-10-01 07:34:05 ----A---- C:\WINDOWS\system32\SET19A.tmp
2008-10-01 07:34:05 ----A---- C:\WINDOWS\system32\SET199.tmp
2008-10-01 07:34:04 ----A---- C:\WINDOWS\system32\SET197.tmp
2008-10-01 07:34:04 ----A---- C:\WINDOWS\system32\SET194.tmp
2008-10-01 07:34:02 ----A---- C:\WINDOWS\system32\SET185.tmp
2008-10-01 07:34:02 ----A---- C:\WINDOWS\system32\SET184.tmp
2008-10-01 07:34:02 ----A---- C:\WINDOWS\system32\SET183.tmp
2008-10-01 07:34:01 ----A---- C:\WINDOWS\system32\SET180.tmp
2008-10-01 07:34:01 ----A---- C:\WINDOWS\system32\SET17F.tmp
2008-10-01 07:34:01 ----A---- C:\WINDOWS\system32\SET17D.tmp
2008-10-01 07:34:01 ----A---- C:\WINDOWS\system32\SET17C.tmp
2008-10-01 07:34:01 ----A---- C:\WINDOWS\system32\SET17B.tmp
2008-10-01 07:34:00 ----A---- C:\WINDOWS\system32\SET178.tmp
2008-10-01 07:34:00 ----A---- C:\WINDOWS\system32\SET177.tmp
2008-10-01 07:34:00 ----A---- C:\WINDOWS\system32\SET176.tmp
2008-10-01 07:33:59 ----A---- C:\WINDOWS\system32\SET16D.tmp
2008-10-01 07:33:58 ----A---- C:\WINDOWS\system32\SET16A.tmp
2008-10-01 07:33:58 ----A---- C:\WINDOWS\system32\SET169.tmp
2008-10-01 07:33:57 ----A---- C:\WINDOWS\system32\SET162.tmp
2008-10-01 07:33:57 ----A---- C:\WINDOWS\system32\SET160.tmp
2008-10-01 07:33:57 ----A---- C:\WINDOWS\system32\SET15E.tmp
2008-10-01 07:33:56 ----A---- C:\WINDOWS\system32\SET15C.tmp
2008-10-01 07:33:56 ----A---- C:\WINDOWS\system32\SET15B.tmp
2008-10-01 07:33:54 ----D---- C:\WINDOWS\network diagnostic
2008-10-01 07:32:31 ----A---- C:\WINDOWS\002803_.tmp
2008-10-01 07:30:26 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2008-10-01 07:30:26 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\ftp.exe
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\format.com
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\cmd.exe
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\cacls.exe
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\autochk.exe
2008-10-01 07:29:20 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-10-01 07:29:19 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-10-01 07:29:19 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-10-01 07:29:19 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-10-01 07:29:19 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-10-01 07:29:19 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-10-01 07:29:19 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-10-01 07:29:19 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-10-01 07:29:19 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-10-01 07:29:19 ----A---- C:\WINDOWS\system32\locator.exe
2008-10-01 07:29:19 ----A---- C:\WINDOWS\system32\localspl.dll
2008-10-01 07:29:19 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-10-01 07:29:18 ----A---- C:\WINDOWS\system32\printui.dll
2008-10-01 07:29:18 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-10-01 07:29:18 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-10-01 07:29:18 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-10-01 07:29:18 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-10-01 07:29:18 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\userinit.exe
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\untfs.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\ulib.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\smss.exe
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\services.exe
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\schannel.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\savedump.exe
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\samlib.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\rasman.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-10-01 07:29:17 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-10-01 07:29:16 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-10-01 07:29:16 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-10-01 07:29:11 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-10-01 07:29:11 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-10-01 07:29:11 ----A---- C:\WINDOWS\system32\hal.dll
2008-10-01 07:28:50 ----D---- C:\WINDOWS\EHome
2008-10-01 07:22:07 ----DC---- C:\Screen Recordings
2008-10-01 07:15:33 ----D---- C:\Program Files\ZD Soft
2008-09-30 18:49:27 ----D---- C:\Program Files\Stardock
2008-09-27 11:01:25 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-09-27 10:06:16 ----D---- C:\Program Files\NOS
2008-09-27 10:06:16 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-25 19:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-25 19:18:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-25 17:01:03 ----A---- C:\WINDOWS\imsins.BAK
2008-09-24 21:43:56 ----A---- C:\WINDOWS\system32\zlib.dll
2008-09-24 21:13:45 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-09-24 20:27:04 ----D---- C:\WINDOWS\TunRat
2008-09-24 20:26:57 ----A---- C:\WINDOWS\TunRat Setup Log.txt
2008-09-24 18:04:31 ----A---- C:\WINDOWS\system32\CSVer.dll
2008-09-22 21:13:14 ----SHD---- C:\found.000
2008-09-22 19:41:29 ----D---- C:\Documents and Settings\All Users\Application Data\eboostr
2008-09-22 19:41:14 ----D---- C:\Program Files\eBoostr
2008-09-22 18:45:40 ----D---- C:\Program Files\TuneXP
2008-09-22 18:44:46 ----A---- C:\WINDOWS\TuneXP Setup Log.txt
2008-09-21 16:02:55 ----D---- C:\Program Files\TGTSoft
2008-09-20 15:45:30 ----DC---- C:\My Doc's
2008-09-20 08:46:59 ----D---- C:\Program Files\Rufus
2008-09-18 20:57:59 ----A---- C:\WINDOWS\War3Unin.exe
2008-09-18 20:54:43 ----D---- C:\Program Files\Warcraft III
2008-09-18 15:52:32 ----DC---- C:\danicurs
2008-09-18 14:03:11 ----D---- C:\Program Files\Hamachi
2008-09-18 13:59:21 ----D---- C:\Program Files\WinPcap
2008-09-16 18:27:30 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2008-09-14 19:19:22 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-12 16:16:16 ----D---- C:\Program Files\NKProds

======List of files/folders modified in the last 1 months======

2008-10-11 21:45:57 ----D---- C:\WINDOWS\Temp
2008-10-11 21:38:59 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Voice Modem with SmartCP.txt
2008-10-11 21:36:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-11 21:30:55 ----AD---- C:\WINDOWS\system32\drivers
2008-10-11 19:45:39 ----HDC---- C:\$AVG8.VAULT$
2008-10-11 13:23:48 ----D---- C:\Program Files\Mozilla Firefox
2008-10-11 13:22:08 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-10 20:28:06 ----RD---- C:\Program Files
2008-10-10 20:11:56 ----D---- C:\Documents and Settings
2008-10-08 17:56:25 ----AD---- C:\WINDOWS\system32
2008-10-08 16:40:54 ----D---- C:\Downloads
2008-10-06 19:31:27 ----SHD---- C:\WINDOWS\Installer
2008-10-06 19:31:07 ----AD---- C:\WINDOWS
2008-10-06 18:04:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-05 22:19:04 ----D---- C:\QooBox
2008-10-05 22:07:50 ----C---- C:\WINDOWS\system.ini
2008-10-05 22:01:08 ----D---- C:\WINDOWS\system32\config
2008-10-05 21:59:55 ----D---- C:\WINDOWS\erdnt
2008-10-05 21:57:19 ----D---- C:\WINDOWS\AppPatch
2008-10-05 21:57:19 ----D---- C:\Program Files\Common Files
2008-10-05 21:50:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-02 21:33:43 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-02 10:10:17 ----D---- C:\WINDOWS\Minidump
2008-10-02 08:22:39 ----D---- C:\Program Files\WinRAR
2008-10-01 19:03:11 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-01 07:53:48 ----SD---- C:\WINDOWS\Tasks
2008-10-01 07:52:50 ----D---- C:\WINDOWS\system32\wbem
2008-10-01 07:52:49 ----D---- C:\WINDOWS\system32\Setup
2008-10-01 07:52:42 ----RSD---- C:\WINDOWS\Fonts
2008-10-01 07:51:25 ----D---- C:\WINDOWS\security
2008-10-01 07:48:47 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-01 07:45:15 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-01 07:45:14 ----AD---- C:\i386
2008-10-01 07:45:08 ----D---- C:\WINDOWS\system32\usmt
2008-10-01 07:45:03 ----D---- C:\WINDOWS\system32\Restore
2008-10-01 07:45:03 ----AD---- C:\WINDOWS\system32\oobe
2008-10-01 07:45:02 ----D---- C:\WINDOWS\system32\npp
2008-10-01 07:44:56 ----D---- C:\WINDOWS\system32\Com
2008-10-01 07:43:31 ----D---- C:\WINDOWS\srchasst
2008-10-01 07:43:31 ----AD---- C:\WINDOWS\system
2008-10-01 07:43:30 ----D---- C:\WINDOWS\PeerNet
2008-10-01 07:43:28 ----HD---- C:\WINDOWS\inf
2008-10-01 07:43:28 ----D---- C:\WINDOWS\msagent
2008-10-01 07:43:21 ----D---- C:\WINDOWS\ime
2008-10-01 07:43:21 ----D---- C:\WINDOWS\Help
2008-10-01 07:43:16 ----D---- C:\Program Files\Windows NT
2008-10-01 07:43:15 ----D---- C:\Program Files\Windows Media Player
2008-10-01 07:43:15 ----D---- C:\Program Files\Outlook Express
2008-10-01 07:43:14 ----D---- C:\Program Files\NetMeeting
2008-10-01 07:43:13 ----D---- C:\Program Files\Movie Maker
2008-10-01 07:43:06 ----D---- C:\Program Files\Common Files\System
2008-10-01 07:40:46 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-01 07:40:10 ----D---- C:\WINDOWS\WinSxS
2008-10-01 07:39:40 ----D---- C:\WINDOWS\system32\en-US
2008-10-01 07:32:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-29 20:27:50 ----RSD---- C:\WINDOWS\assembly
2008-09-29 20:25:30 ----D---- C:\WINDOWS\SHELLNEW
2008-09-27 11:02:21 ----D---- C:\Program Files\Adobe
2008-09-27 11:00:55 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-09-27 11:00:17 ----D---- C:\Program Files\Common Files\Adobe
2008-09-25 19:23:24 ----D---- C:\WINDOWS\Debug
2008-09-25 19:19:00 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-24 18:23:55 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-24 18:23:55 ----D---- C:\Program Files\Intel
2008-09-24 18:16:57 ----D---- C:\WINDOWS\system32\NtmsData
2008-09-23 18:16:56 ----N---- C:\WINDOWS\system32\eRLog.ini
2008-09-22 21:20:45 ----A---- C:\WINDOWS\BRWMARK.INI
2008-09-22 19:43:23 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-22 18:44:43 ----A---- C:\WINDOWS\iun6002.exe
2008-09-22 18:38:19 ----D---- C:\Program Files\Common Files\Services
2008-09-21 16:03:25 ----D---- C:\WINDOWS\Resources
2008-09-20 08:46:38 ----N---- C:\WINDOWS\Setup1.exe
2008-09-16 20:12:59 ----RASHC---- C:\boot.ini
2008-09-16 20:12:59 ----A---- C:\WINDOWS\win.ini
2008-09-16 20:11:55 ----D---- C:\Program Files\ClipX
2008-09-13 14:15:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-12 17:25:17 ----D---- C:\Program Files\DNA
2008-09-12 07:55:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-07-25 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-07 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-09-15 17119]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-06-21 76040]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 int15.sys;int15.sys; \??\C:\Program Files\Acer\eRecovery\int15.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-09 23296]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-09-18 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-06-30 1034752]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-06-30 200704]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-09 3855360]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-08-17 6144]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-06 47360]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 scrcap;scrcap; C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 9006]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-08 185824]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-29 3222784]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-06-30 716416]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 obvious;obvious; C:\WINDOWS\system32\DRIVERS\obvious.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 ag5xfgdn;ag5xfgdn; C:\WINDOWS\system32\drivers\ag5xfgdn.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-09-09 23296]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CEDRIVER53;CEDRIVER53; \??\C:\Documents and Settings\Yassen\Desktop\My Personal Folder\WolfTeam Hacks\Love Engine 0.4\Ioveliss.sys []
S3 commiwi;[CommView] Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows 2000; C:\WINDOWS\system32\DRIVERS\commiwi.sys [2006-10-04 206336]
S3 DADriv1;DADriv1; \??\C:\Documents and Settings\Yassen\Desktop\My Personal Folder\WolfTeam Hacks\DAEngine\DAK32.sys []
S3 DBKDRVR54;DBKDRVR54; \??\C:\Program Files\Cheat Engine\dbk32.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53; \??\C:\Documents and Settings\Yassen\Desktop\My Personal Folder\WolfTeam Hacks\Moonlight Engine 1196.4.0.4\IlvMoney1215.sys []
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-09-05 217600]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2007-11-10 22768]
S3 uzeil1;uzeil1; \??\C:\Documents and Settings\Yassen\Desktop\My Personal Folder\Combat Arms Hacks\Mini Anchor\Mini Anchor\uzeil.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva189;XDva189; \??\C:\WINDOWS\system32\XDva189.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-04-25 607576]
R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2005-06-06 1273344]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-15 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-25 231704]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-09-09 1220888]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2005-08-11 249954]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2005-08-11 114772]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2005-08-11 61440]
R2 EBOOSTRSVC;eBoostr Service; C:\Program Files\eBoostr\EBstrSvc.exe [2008-09-22 843384]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-04 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-07-04 107832]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
R2 SiSWLSvc;SiS WirelessLan Service; C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe [2006-08-23 57344]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 RPCH;Remote Procedure Call (HPM); C:\Program Files\NetMeeting\nmwb.exe []
S2 Sudowin;Sudowin; C:\Program Files\Sudowin\Server\Sudowin.Server.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-31 156656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
-------------------------------------------------------------------------------

Here is my info.txt from RSIT:

info.txt logfile of random's system information tool 1.04 2008-10-11 21:46:04

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{329899E1-CBBA-49BC-9FFE-199E94316727}\setup.exe" -l0x9 -removeonly
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
802.11 USB Wireless LAN Adapter-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u
AC Tool-->C:\PROGRA~1\ACTOOL~1\UNWISE.EXE C:\PROGRA~1\ACTOOL~1\INSTALL.LOG
AccessDiver v4.402-->"C:\Program Files\Accessdiver\unins001.exe"
Acer Arcade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer eManager for Notebook-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer eNetManagement-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePowerManagement-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
ActivePerl 5.10.0 Build 1002-->MsiExec.exe /I{49C69876-0196-4620-B237-EA334C2E40B5}
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Administrative Templates for Windows XP-->MsiExec.exe /I{69C1F0AC-2017-46B2-9DC9-ED880CDF4E40}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Algebrator 4.0-->"C:\Program Files\Algebrator\unins000.exe"
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Athan Basic 3.4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Athan\irunin.ini"
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AXIS Media Control Embedded-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
AXIS Media Control-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll",UninstallMe
Ben 10 Alien Force Bounty Hunters-->MsiExec.exe /X{BC7E9D03-F7B1-4179-AAEC-941D14DF5EF3}
blueMSX-->MsiExec.exe /I{E932D883-BFCF-4A40-8AC7-5C0384582D90}
Boson NetSim for CCNP 7.0-->"C:\Program Files\InstallShield Installation Information\{8C1BC366-81DD-4050-B2DC-88287C90E915}\setup.exe" -runfromtemp -l0x0409 -removeonly
Boson NetSim for CCNP 7.0-->MsiExec.exe /I{8C1BC366-81DD-4050-B2DC-88287C90E915}
Boson NetSim for CCNP BETA 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{16980C05-BF0D-4F02-B32F-D4345ACC8B3B}
Brother HL-2040-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90707218-9E02-48A9-85BD-6EE2161079F7}\SETUP.exe" -l0x9 -removeonly /uninst
BSR Screen Recorder 4-->C:\Program Files\BSR Screen Recorder 4\Uninstall Screen Recorder 4.exe
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
Camtasia Studio 5-->MsiExec.exe /I{784E6B0F-00EC-4950-95A2-BBA64F44EC48}
Canon CanoScan Toolbox 5.0-->"C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uninst.ini
CanoScan 4400F-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803 /L0x0009
CanoScan 8600F-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4804\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4804 /L0x0009
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.4-->"C:\Program Files\Cheat Engine\unins000.exe"
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{C49067A8-8212-4A82-A4D9-1519701644F0}
ClipX-->"C:\Program Files\ClipX\uninstall.exe"
Codecs-->"C:\Program Files\InstallShield Installation Information\{CD6E9AF7-2EE4-458A-B85E-3FBDAF748C39}\setup.exe" -runfromtemp -l0x0009 -removeonly
Combat Arms-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
Digsby-->C:\Program Files\Digsby\uninstall.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
eBoostr 2-->C:\Program Files\eBoostr\uninstall.exe
Executor v0.98b-->"C:\Program Files\Executor\unins000.exe"
Fraps (remove only)-->"C:\Program Files\Fraps\uninstall.exe"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_FE4264652A965D92.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HDAUDIO Soft Voice Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025008F\HXFSETUP.EXE -U -IAcr008FK.inf
Hex Workshop v5.1-->MsiExec.exe /I{04DC9993-648E-4523-B2A4-75E05E12FB10}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Development Kit 6 Update 4-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160040}
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Local Account Manager v2-->"C:\Program Files\Local Account Manager\unins000.exe"
Magic Video Converter 8.0.10.28-->"C:\Program Files\Magic Video Converter\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MetaFrame Presentation Server Web Client for Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft MPEG-4 VKI Video Codec V1/V2/V3-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007 SP1-->MsiExec.exe /X{AD483998-2E9A-4405-83FF-6E503AF49CBB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola Phone Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
nBinder Limited-->C:\Program Files\NKProds\nBinder 5.5.1 Limited\uninstall.exe
nBinder-->C:\Program Files\NKProds\nBinder 5.5\uninstall.exe
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerArchiver 2009-->MsiExec.exe /I{C8EE6127-53C2-4807-A160-19C244B72211}
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Presto! PageManager 7.15.14-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anything -removeonly
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RegistryFix v7.0-->"C:\Program Files\RegistryFix7\unins000.exe"
Rufus Maphack-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Rufus\ST6UNST.LOG"
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sony Vegas Pro 8.0-->MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Starcraft-->C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat
StyleXP (remove only)-->"C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Sudo for Windows-->MsiExec.exe /I{31D476EC-A1F0-47A1-BEB9-11768B0277F2}
SWiSH Max2-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH Max2\uninstal.log
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TrojanHunter 5.0-->"C:\Program Files\TrojanHunter\unins000.exe"
TuneXP 1.5-->C:\WINDOWS\iun6002.exe "C:\Program Files\TuneXP\irunin.ini"
TunRat-->"C:\WINDOWS\TunRat\uninstall.exe" "/U:C:\Documents and Settings\Taha\Desktop\My Personal Folder\Hacking Tools\RAT's\Lost Door v3.0\Uninstall\uninstall.xml"
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Unreal Tournament 2004-->D:\Program Files\UT2004\System\Setup.exe uninstall "UT2004"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Creativity Fun Packs - Windows Movie Maker 2-->MsiExec.exe /X{DA2D4D11-1811-4A24-B719-BF9F048C6106}
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WolfTeam International-->"C:\Program Files\Softnyx\WolfTeam\unins000.exe"
XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
ZD Soft Screen Recorder-->"C:\Program Files\ZD Soft\Screen Recorder\Uninstall.exe"
ZD Soft Screen Video Decoder-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\scrvid.inf

======Security center information======

AV: AVG Internet Security
FW: COMODO Firewall Pro
FW: AVG Firewall

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Sudowin\Clients\Console
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0d08
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

Thanks in advance,

Taha
tahayassen
Regular Member
 
Posts: 19
Joined: October 5th, 2008, 10:37 pm

Re: Suspicous Trojan Horse...

Unread postby ktreffin » October 11th, 2008, 10:36 pm

Well, that is a step in the right direction. :thumbright: It is good that Malwarebytes' found what it did.

I will try and look over your RSIT logs tomorrow (10/12); however, I will be at work all day, so expect my next reply sometime late tomorrow or Monday (10/13).

In the meantime, if anything else comes up, let me know.

Thanks,
Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Suspicous Trojan Horse...

Unread postby tahayassen » October 12th, 2008, 2:30 pm

I'm not very happy with my AVG Security Suite. Can you please give me a recommendation? I have the TrendMicro full package on my desktop, and I'm impressed with TrendMicro software. However, it is too much of a memory hog. So, any suggestions?
tahayassen
Regular Member
 
Posts: 19
Joined: October 5th, 2008, 10:37 pm

Re: Suspicous Trojan Horse...

Unread postby ktreffin » October 12th, 2008, 4:18 pm

Let's get you cleaned up first, and then I will be glad to recommend some Anti-Virus programs for you. You still have some things showing in your RSIT log that we need to take care of. Please do the following:

Step #1: Download and Run ComboFix

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

*===============================================*

Step #2: Things to put in your next reply

Please post the following in your next reply:
  • A New Hijack This Log
  • Contents of the ComboFix Log (C:\ComboFix.txt)

Thanks,
Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Suspicous Trojan Horse...

Unread postby ktreffin » October 16th, 2008, 9:37 am

Hello

THREE DAY BUMP!

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Please let me know if there are any problems. Thanks!

Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Suspicous Trojan Horse...

Unread postby NonSuch » October 18th, 2008, 2:22 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California