MBAM Log:Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3
5/28/2009 6:17:46 PM
mbam-log-2009-05-28 (18-17-46).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 267152
Time elapsed: 25 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 31
Registry Values Infected: 3
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 35
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\dusatalo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rotariti.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jowuhese.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03ed71eb-247e-464c-83ba-971fd463eb59} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{03ed71eb-247e-464c-83ba-971fd463eb59} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{03ed71eb-247e-464c-83ba-971fd463eb59} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QuickyPlaeyrSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\msliksur (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msliksurserv (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jihomazapi (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\rotariti.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\rotariti.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104,85.255.112.155 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{284256ea-43a9-4230-a595-2ea86ef80ad0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104,85.255.112.155 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104,85.255.112.155 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{284256ea-43a9-4230-a595-2ea86ef80ad0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104,85.255.112.155 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104,85.255.112.155 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{284256ea-43a9-4230-a595-2ea86ef80ad0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104,85.255.112.155 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\jowuhese.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dusatalo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rotariti.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\documents and settings\Raymond\local settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Raymond\local settings\Temp\rasesnet.tmp (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\bafuvisi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\bekehutu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fidofepu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\fuweyofa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jalezada.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kajelaki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\molugivu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nikarili.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\penonoge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\peroruvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\petokulu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\prnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\rilihoki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sayawoha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\siduzeji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tafivefi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tehunevo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\tepusiga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wotuzapi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wusorevo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yemibumi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
e:\Patrick\Programs\idm\internet download manager 5.12 build 8\patch.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jivuvomo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\loader49.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\msliksurserv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
RSIT Logs:Logfile of random's system information tool 1.06 (written by random/random)
Run by Raymond at 2009-05-28 18:28:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (59%) free of 50 GB
Total RAM: 2038 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:14 PM, on 5/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Raymond\Desktop\Firefox.Ultimate.Optimizer\Firefox.Ultimate.Optimizer\Firefox Ultimate Optimizer.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Raymond\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Raymond.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bigpond.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: C:\WINDOWS\system32\had73sfdfd.dll - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\had73sfdfd.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FirefoxUltimateOptimizer] C:\Documents and Settings\Raymond\Desktop\Firefox.Ultimate.Optimizer\Firefox.Ultimate.Optimizer\Firefox Ultimate Optimizer.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\azg7qb.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [nzdflkioezncfiunfindiuchiuenfcdc] C:\WINDOWS\TEMP\azg7qb.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\azg7qb.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: gsf87hfunf98398jd - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\had73sfdfd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 7633 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6C7B2A1-00F3-42BD-F434-00AABA2C8953}]
C:\WINDOWS\system32\had73sfdfd.dll - C:\WINDOWS\system32\had73sfdfd.dll [2009-05-28 15000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-C39E-35F1D2A32EC8}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-11-08 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-11-08 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-11-08 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-10 16384000]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-08-03 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"FirefoxUltimateOptimizer"=C:\Documents and Settings\Raymond\Desktop\Firefox.Ultimate.Optimizer\Firefox.Ultimate.Optimizer\Firefox Ultimate Optimizer.exe [2007-11-01 34304]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-06-21 4608]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2007-10-01 840704]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
C:\Documents and Settings\Raymond\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-10-30 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
gsf87hfunf98398jd - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\had73sfdfd.dll [2009-05-28 15000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msliksurserv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\msliksurserv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\ESET\ESET Smart Security\egui.exe"="C:\Program Files\ESET\ESET Smart Security\egui.exe:*:Enabled:egui"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"="C:\Program Files\ESET\ESET Smart Security\ekrn.exe:*:Enabled:ekrn"
"C:\WINDOWS\RTHDCPL.exe"="C:\WINDOWS\RTHDCPL.exe:*:Enabled:RTHDCPL"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-5-76-100017841-100004152-100018102-1343.com e:\
shell\Open\command - RECYCLER\S-8-5-76-100017841-100004152-100018102-1343.com e:\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08213de4-4c3e-11dd-ac0b-001e8cbe517e}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL EFTel_USB_launch/index.html
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08213de5-4c3e-11dd-ac0b-001e8cbe517e}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-7-61-100020705-100010365-100011749-9058.com i:\
shell\Open\command - RECYCLER\S-0-7-61-100020705-100010365-100011749-9058.com i:\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72ab4f01-7966-11dd-ac39-001e8cbe517e}]
shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dd758bf-38e9-11dd-abeb-001e8cbe517e}]
shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d579b9c1-37ef-11dd-b0e4-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-5-76-100017841-100004152-100018102-1343.com e:\
shell\Open\command - RECYCLER\S-8-5-76-100017841-100004152-100018102-1343.com e:\
======List of files/folders created in the last 1 months======
2009-05-28 18:28:12 ----D---- C:\rsit
2009-05-28 18:23:45 ----D---- C:\Avenger
2009-05-28 18:18:34 ----A---- C:\WINDOWS\system32\p2hhr.bat
2009-05-28 18:18:26 ----A---- C:\WINDOWS\system32\had73sfdfd.dll
2009-05-28 18:18:25 ----A---- C:\WINDOWS\system32\ak1.exe
2009-05-28 17:50:42 ----D---- C:\Documents and Settings\Raymond\Application Data\Malwarebytes
2009-05-28 17:43:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-28 17:43:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-27 21:52:12 ----D---- C:\WINDOWS\pss
2009-05-25 22:46:55 ----D---- C:\Program Files\Trend Micro
2009-05-24 22:04:30 ----D---- C:\Program Files\Kaspersky Lab
2009-05-24 22:04:30 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-05-24 22:03:23 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-24 20:14:35 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-24 19:15:24 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2009-05-24 19:14:36 ----D---- C:\WINDOWS\Internet Logs
2009-05-23 11:15:47 ----SHD---- C:\Config.Msi
2009-05-22 22:46:23 ----D---- C:\Documents and Settings\Raymond\Application Data\Creative
2009-05-12 17:57:51 ----D---- C:\Program Files\MSBuild
2009-05-12 17:55:56 ----D---- C:\WINDOWS\system32\XPSViewer
2009-05-12 17:55:34 ----D---- C:\Program Files\Reference Assemblies
2009-05-12 17:55:20 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-05-07 20:34:31 ----D---- C:\Program Files\Wondershare
======List of files/folders modified in the last 1 months======
2009-05-28 18:25:17 ----D---- C:\Program Files\Mozilla Firefox
2009-05-28 18:25:03 ----D---- C:\WINDOWS\Temp
2009-05-28 18:24:30 ----D---- C:\Documents and Settings\Raymond\Application Data\DMCache
2009-05-28 18:24:01 ----D---- C:\WINDOWS\system32\drivers
2009-05-28 18:24:01 ----D---- C:\WINDOWS
2009-05-28 18:24:00 ----D---- C:\WINDOWS\system32
2009-05-28 18:23:45 ----D---- C:\Program Files
2009-05-28 18:23:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-28 17:50:50 ----D---- C:\WINDOWS\Prefetch
2009-05-28 17:40:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-24 22:05:01 ----SHD---- C:\WINDOWS\Installer
2009-05-24 22:04:49 ----HD---- C:\WINDOWS\inf
2009-05-24 22:04:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-24 20:25:10 ----SHD---- C:\WINDOWS\CSC
2009-05-23 11:16:28 ----D---- C:\WINDOWS\Registration
2009-05-23 11:16:16 ----RSD---- C:\WINDOWS\assembly
2009-05-23 11:16:12 ----D---- C:\WINDOWS\system32\URTTemp
2009-05-23 11:16:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-23 11:13:08 ----D---- C:\WINDOWS\Minidump
2009-05-23 11:11:15 ----D---- C:\Program Files\Warcraft III
2009-05-22 22:50:30 ----D---- C:\Program Files\Creative
2009-05-22 22:36:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-22 21:02:22 ----A---- C:\WINDOWS\Ascd_log.ini
2009-05-22 21:01:11 ----A---- C:\WINDOWS\Ascd_tmp.ini
2009-05-17 19:44:17 ----SHD---- C:\RECYCLER
2009-05-16 13:44:54 ----A---- C:\WINDOWS\MegaManager.INI
2009-05-12 23:40:21 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-12 17:55:54 ----RSD---- C:\WINDOWS\Fonts
2009-05-12 17:55:22 ----D---- C:\WINDOWS\system32\spool
2009-05-12 17:54:01 ----D---- C:\WINDOWS\WinSxS
2009-05-12 17:53:46 ----D---- C:\Program Files\Internet Explorer
2009-05-04 18:54:38 ----D---- C:\Program Files\Counter-Strike 1.6
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-05-24 227344]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-10-09 36864]
R3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2008-10-16 94208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-10-30 5851488]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-10 4603904]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-16 47360]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 a63yhgof;a63yhgof; C:\WINDOWS\system32\drivers\a63yhgof.sys []
S3 a8ow0rqy;a8ow0rqy; C:\WINDOWS\system32\drivers\a8ow0rqy.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 Maplom;Maplom; C:\WINDOWS\system32\drivers\Maplom.sys [2007-11-13 34304]
S3 PVUSB;CESG502 USB Driver; C:\WINDOWS\system32\DRIVERS\CESG502.sys [2008-11-03 40672]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Automatic;Automatic; C:\Program Files\Common Files\Microsoft Shared\MSINFO\Automatic.sos []
S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-15 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-05-28 18:28:15
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Installshield Installation Information\{1002F323-18D1-4A79-95C8-84EA3E940287}\QBReplace.exe {1002F323-18D1-4A79-95C8-84EA3E940287}#{97397C17-A929-4a6b-A68D-17829274C6CB}
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Allok Video to MP4 Converter 4.2.0709-->"C:\Program Files\Allok Video to MP4 Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E19F210-3813-4002-B561-94D66AA182B6}\Setup.exe" -l0x9 -removeonly
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AVI ReComp 1.4.3-->C:\Program Files\AVI ReComp\Uninstall.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
BlindWrite 6-->"C:\Program Files\VSO\BlindWrite6\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ClassPad Manager v3 (30 Day Trial)-->MsiExec.exe /X{71F205E9-C01C-47C5-B029-8AAC14AF03F1}
Combat Arms-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
ConvertXtoDVD 2.1.5.173-->"C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
Counter-Strike 1.6-->C:\Program Files\Counter-Strike 1.6\Uninstal.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD-CLONER V5.00 Build 965-->"C:\Program Files\Dvd-cloner\unins000.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.2.5-->"C:\Program Files\DVDFab 5\unins000.exe"
Easy Video Splitter 1.28-->"C:\Program Files\Easy Video Splitter\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
K-Lite Codec Pack 4.7.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire PRO 4.14.8-->"C:\Program Files\LimeWire\uninstall.exe"
Magic DVD Copier V4.7-->"C:\Program Files\MagicDVDCopier\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Demo-->MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
Program-Link FA-CP1-->MsiExec.exe /X{53FB84B2-23CC-47BE-903F-EC1841459509}
PSP ISO Compressor-->MsiExec.exe /X{D47087E7-AA15-4D1D-8C0A-60F7E446D597}
QuickBooks 2006/07 Student Version-->C:\Program Files\Installshield Installation Information\{C4168470-5416-4224-8BE9-E4349642595B}\QBReplace.exe {C4168470-5416-4224-8BE9-E4349642595B}#{9058A930-BC63-4FA9-A35B-D74BE4054F40}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Topaz Vivacity-->MsiExec.exe /I{C13A8E73-7E98-4295-BA94-6931701CD1F9}
Ultra Video Converter 2.0.8-->"C:\Program Files\Ultra Video Converter\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VideoGet-->"C:\Program Files\Nuclear Coffee\VideoGet\unins000.exe"
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\2wirepcp_69FADC00605194186DA779D20303F74BFB7E55F3\2wirepcp.inf
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wondershare DVD Ripper Platinum(Build 4.2.0.16)-->"C:\Program Files\Wondershare\DVD Ripper Platinum\unins000.exe"
XviD MPEG4 Video Codec (remove only)-->"C:\Program Files\XviD\xvid-uninstall.exe"
======System event log======
Computer Name: ASUSG31
Event Code: 1
Message: The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
Record Number: 17
Source Name: sr
Time Written: 20090524190700.000000+600
Event Type: error
User:
Computer Name: ASUSG31
Event Code: 7024
Message: The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).
Record Number: 6
Source Name: Service Control Manager
Time Written: 20090524190652.000000+600
Event Type: error
User:
Computer Name: ASUSG31
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&43d997a&1&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
Record Number: 5
Source Name: LDMS
Time Written: 20090524190648.000000+600
Event Type: error
User:
Computer Name: ASUSG31
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&2fd07cc&1&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
Record Number: 4
Source Name: LDMS
Time Written: 20090524190648.000000+600
Event Type: error
User:
Computer Name: ASUSG31
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&1bc761e&1&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
Record Number: 3
Source Name: LDMS
Time Written: 20090524190648.000000+600
Event Type: error
User:
=====Application event log=====
Computer Name: ASUSG31
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1013
Source Name: usnjsvc
Time Written: 20081001204453.000000+600
Event Type:
User:
Computer Name: ASUSG31
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1011
Source Name: usnjsvc
Time Written: 20080930212032.000000+600
Event Type:
User:
Computer Name: ASUSG31
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1009
Source Name: usnjsvc
Time Written: 20080929225049.000000+600
Event Type:
User:
Computer Name: ASUSG31
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1007
Source Name: usnjsvc
Time Written: 20080928200545.000000+600
Event Type:
User:
Computer Name: ASUSG31
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1005
Source Name: usnjsvc
Time Written: 20080925205002.000000+600
Event Type:
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
