-
win32.tdss and hijacking problems
Hi, I have a problem with my google searches being redirected on firefox. After scanning with Spybot, it finds win32.tdss.rtk and win32.tdss.reg. I have removed them several times, but they don't seem to go away permanently. Also, this malware is changing my default browser to IE even though I never use it.
Here is my most recent HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:30 AM, on 1/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Razer\Diamondback\razertra.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1237] command.com /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6857] cmd.exe /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8494] command.com /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5303] cmd.exe /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7901] command.com /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4021] cmd.exe /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9899] command.com /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4504] cmd.exe /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9702] command.com /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2705] cmd.exe /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1806] command.com /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC152] cmd.exe /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9025] command.com /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2842] cmd.exe /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1001] command.com /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4942] cmd.exe /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9156] command.com /c del "C:\WINDOWS\system32\h8srtshsyst.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9210] cmd.exe /c del "C:\WINDOWS\system32\h8srtshsyst.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9642] command.com /c del "C:\WINDOWS\system32\h8srtshsyst.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5340] cmd.exe /c del "C:\WINDOWS\system32\h8srtshsyst.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1837] command.com /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2376] cmd.exe /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2950] command.com /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5337] cmd.exe /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4473] command.com /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4344] cmd.exe /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5689] command.com /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6793] cmd.exe /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1730] command.com /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9929] cmd.exe /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8129] command.com /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6711] cmd.exe /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2563] command.com /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1707] cmd.exe /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3078] command.com /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1897] cmd.exe /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6167] command.com /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4329] cmd.exe /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3525] command.com /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9531] cmd.exe /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2891] command.com /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7847] cmd.exe /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1077] command.com /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1209] cmd.exe /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4992] command.com /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5261] cmd.exe /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2511] command.com /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7322] cmd.exe /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1546] command.com /c del "C:\WINDOWS\system32\h8srtshsyst.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3096] cmd.exe /c del "C:\WINDOWS\system32\h8srtshsyst.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4385] command.com /c del "C:\WINDOWS\system32\h8srtshsyst.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2884] cmd.exe /c del "C:\WINDOWS\system32\h8srtshsyst.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6637] command.com /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1408] cmd.exe /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6069] command.com /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2604] cmd.exe /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7425] command.com /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8878] cmd.exe /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3500] command.com /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4459] cmd.exe /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7050] command.com /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2937] cmd.exe /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3663] command.com /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6035] cmd.exe /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1207527428232
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1207528360327
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 14685 bytes
-
Security Expert-Emeritus
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hi smcaba and welcome to Safer Networking.
I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
- I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for this issue on this machine!.
- The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Refrain from running self fixes as this will hinder the malware removal process.
- It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
- Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
Download/run Rkill:
Please download Rkill from one of the following links and save to your Desktop:
One, Two,Three or Four
- Double click on Rkill.
- A command window will open then disappear upon completion, this is normal.
- Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue.
Next:
Please uninstall Spybot S&D, you may reinstall this when I give the all clear.
Scan with Rooter:
Please download Rooter to your desktop.
- Double click on Rooter.exe to start the application.
- Now click on the Scan button.
- When the scan is completed a text file called Rooter.txt will appear on your desktop, post the contents in your next reply.
- Now click on Close button to exit Rooter.
Note: The logfile can also be located within this folder Rooter$ at the root of your installed Hard-Drive. EG: C:\Rooter$
Scan with RSIT:
- Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on the your Desktop before running the application!
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open:
- log.txt will be opened maximized.
- info.txt will be opened minimized.
- Please post the contents of both log.txt and info.txt.
Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit
When completed the above, please post back the following in the order asked for:
- How is your computer performing now, any further symptoms and or problems encountered?
- Rooter Log.
- Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
-
As of now, my computer sometimes stalls on startup after the windows logo screen. Sometimes the desktop icons appear, other times it only displays the wallpaper and mouse pointer. Also, there is a process called iexplore.exe that runs on startup that occasionally plays ads that can be heard (for tv shows, cleaning products, etc.). When I end that process, the sound terminates, but the process starts up again almost immediately.
Some sites are also blocked, such as bleepingcomputer.com, so i had to download rkill on another computer and upload to a filesharing site to use it on this computer.
Thank you for your time in trying to solve this issue.
-
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 35 Stepping 2, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 7.0.5730.13
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:76 Go - Free:9 Go )
D:\ [CD_Rom]
F:\ [Fixed-NTFS] .. ( Total:279 Go - Free:52 Go )
G:\ [CD_Rom]
.
Scan : 14:41.44
Path : C:\Documents and Settings\Shawn\My Documents\Downloads\Rooter.exe
User : Shawn ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (936)
______ \??\C:\WINDOWS\system32\csrss.exe (992)
______ \??\C:\WINDOWS\system32\winlogon.exe (1024)
______ C:\WINDOWS\system32\services.exe (1072)
______ C:\WINDOWS\system32\lsass.exe (1084)
______ C:\WINDOWS\system32\svchost.exe (1268)
______ C:\WINDOWS\system32\svchost.exe (1356)
______ C:\WINDOWS\System32\svchost.exe (1712)
______ C:\WINDOWS\System32\svchost.exe (1840)
______ C:\WINDOWS\system32\svchost.exe (2008)
______ C:\WINDOWS\system32\spoolsv.exe (360)
______ C:\WINDOWS\Explorer.EXE (772)
______ C:\WINDOWS\system32\ctfmon.exe (864)
______ C:\Program Files\Razer\Diamondback\razerhid.exe (1536)
______ C:\WINDOWS\CTHELPER.EXE (1544)
______ C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (1568)
______ C:\Program Files\Microsoft IntelliType Pro\itype.exe (1576)
______ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (1612)
______ C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (1620)
______ C:\Program Files\Java\jre6\bin\jusched.exe (1632)
______ C:\Program Files\iTunes\iTunesHelper.exe (1664)
______ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (1776)
______ C:\WINDOWS\System32\svchost.exe (584)
______ C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (616)
______ C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (252)
______ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (648)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (692)
______ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (696)
______ C:\Program Files\Bonjour\mDNSResponder.exe (736)
______ C:\Program Files\Java\jre6\bin\jqs.exe (132)
______ C:\WINDOWS\System32\svchost.exe (1144)
______ C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (1532)
______ C:\WINDOWS\system32\wuauclt.exe (2184)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (2276)
______ C:\Program Files\iPod\bin\iPodService.exe (2372)
______ C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (2448)
______ C:\Program Files\Razer\Diamondback\razertra.exe (2788)
______ C:\Program Files\Razer\Diamondback\razerofa.exe (2872)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2884)
______ C:\WINDOWS\System32\alg.exe (3928)
______ C:\Documents and Settings\Shawn\My Documents\Downloads\Rooter.exe (3572)
______ C:\Program Files\Internet Explorer\iexplore.exe (304)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:82335020544)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 14:42.47
.
C:\Rooter$\Rooter_1.txt - (21/01/2010 | 14:42.47)
-
info.txt
info.txt logfile of random's system information tool 1.06 2010-01-21 14:45:42
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Amazing Slow Downer (remove only)-->"C:\Program Files\Roni Music\Amazing Slow Downer PA\uninstall.exe"
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Connectivity Services-->"C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Uninstaller-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BioShock-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7670
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bulk Image Downloader v1.38.0.3-->"C:\Program Files\Bulk Image Downloader\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD Audio Reader Filter (remove only)-->"C:\Program Files\CD Audio Reader Filter\uninstall.exe"
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DC-Bass Source 1.1.1-->"C:\Program Files\DSP-worx\DC-Bass Source\Uninstall.exe"
DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
DotA Client Build 2.2 Beta-->"C:\Program Files\DotA Gaming Network\unins000.exe"
DotA Client Build 2.31 Beta-->"C:\Program Files\DotA Gaming Network\unins001.exe"
DotA Client Build 2.4 Beta-->"C:\Program Files\DotA Gaming Network\unins002.exe"
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2-->"C:\Program Files\DVDFab 5\unins000.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ffdshow [rev 1685] [2007-12-06]-->"C:\Program Files\ffdshow\unins000.exe"
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Garena-->C:\Program Files\Garena\uninst.exe
GEAR 32bit Driver Installer-->MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Heroes of Newerth-->C:\Program Files\Heroes of Newerth\uninstall.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Shawn\My Documents\Downloads\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
MixMeister Fusion 7.3.5-->"C:\Program Files\MixMeister Fusion\unins000.exe"
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Ultra Edition-->MsiExec.exe /X{293C9DF5-7669-4826-BBB2-E1F182D71033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
Portal: The First Slice-->"C:\Program Files\Steam\steam.exe" steam://uninstall/410
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Pure Networks Port Magic-->C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Razer Diamondback-->C:\Program Files\InstallShield Installation Information\{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}\setup.exe -runfromtemp -l0x0009 -removeonly
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SHOUTcast Source (remove only)-->"C:\Program Files\SHOUTcast Source\uninstall.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Street Fighter IV-->"C:\Program Files\Steam\steam.exe" steam://uninstall/21660
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TigerGame PS/PS2 Game Controller Adapter-->C:\PROGRA~1\SUPERJ~1\UNWISE.EXE C:\PROGRA~1\SUPERJ~1\INSTALL.LOG
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Videora iPod Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Warkeys 1.13.1.0b-->C:\Program Files\Warkeys\uninst.exe
WD Drive Manager (x86)-->MsiExec.exe /X{1C504B59-FFBF-4A65-9E0E-FE06159CAB9B}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Zoom Player (remove only)-->"C:\Program Files\Zoom Player\uninstall.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Malware Defense (outdated)
======System event log======
Computer Name: SHAWNSKEET
Event Code: 7901
Message: The At24.job command failed to start due to the following error:
%%2147942402
Record Number: 43076
Source Name: Schedule
Time Written: 20091216230000.000000-480
Event Type: error
User:
Computer Name: SHAWNSKEET
Event Code: 7901
Message: The At47.job command failed to start due to the following error:
%%2147942402
Record Number: 43075
Source Name: Schedule
Time Written: 20091216220000.000000-480
Event Type: error
User:
Computer Name: SHAWNSKEET
Event Code: 7901
Message: The At23.job command failed to start due to the following error:
%%2147942402
Record Number: 43074
Source Name: Schedule
Time Written: 20091216220000.000000-480
Event Type: error
User:
Computer Name: SHAWNSKEET
Event Code: 7901
Message: The At46.job command failed to start due to the following error:
%%2147942402
Record Number: 43073
Source Name: Schedule
Time Written: 20091216210000.000000-480
Event Type: error
User:
Computer Name: SHAWNSKEET
Event Code: 7901
Message: The At22.job command failed to start due to the following error:
%%2147942402
Record Number: 43072
Source Name: Schedule
Time Written: 20091216210000.000000-480
Event Type: error
User:
=====Application event log=====
Computer Name: SHAWNSKEET
Event Code: 1517
Message: Windows saved user SHAWNSKEET\Shawn registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 5565
Source Name: Userenv
Time Written: 20090531032617.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: SHAWNSKEET
Event Code: 1517
Message: Windows saved user SHAWNSKEET\Shawn registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 5560
Source Name: Userenv
Time Written: 20090530160717.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: SHAWNSKEET
Event Code: 1517
Message: Windows saved user SHAWNSKEET\Shawn registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 5558
Source Name: Userenv
Time Written: 20090529185236.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: SHAWNSKEET
Event Code: 1517
Message: Windows saved user SHAWNSKEET\Shawn registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 5552
Source Name: Userenv
Time Written: 20090529174925.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: SHAWNSKEET
Event Code: 1517
Message: Windows saved user SHAWNSKEET\Shawn registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 5546
Source Name: Userenv
Time Written: 20090528233938.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
-
log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Shawn at 2010-01-21 14:45:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (13%) free of 79 GB
Total RAM: 1023 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:39 PM, on 1/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Razer\Diamondback\razertra.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shawn\Desktop\RSIT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Shawn.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1207527428232
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1207528360327
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
--
End of file - 7802 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Diamondback"=C:\Program Files\Razer\Diamondback\razerhid.exe [2007-02-14 147456]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2007-08-08 148760]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-07-07 576320]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2009-05-27 450560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"Aim6"= []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0\AOL.EXE [2005-07-12 50776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-10-20 34904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1209320322\EE\AOLHostManager.exe [2006-03-10 13416]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-07-07 600896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe [2004-04-05 99480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
realsched.exe -osboot []
C:\Documents and Settings\Shawn\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-11-24 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1209320322\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1209320322\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Common Files\AOL\1209320322\EE\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1209320322\EE\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe"="C:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe:*:Enabled:Street Fighter IV"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe"="C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:BioShock"
"C:\Program Files\Steam\steamapps\common\street fighter iv\StreetFighterIV.exe"="C:\Program Files\Steam\steamapps\common\street fighter iv\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fc2d3aa-4311-11de-8439-00038a000015}]
shell\AutoRun\command - E:\Autorun.exe /run
shell\Shell00\command - E:\Autorun.exe /run
shell\Shell01\command - E:\Autorun.exe /action
shell\Shell02\command - E:\Autorun.exe /uninstall
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5305eeae-dc7b-11dd-8363-00038a000015}]
shell\AutoRun\command - H:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-01-21 14:45:34 ----D---- C:\rsit
2010-01-21 14:42:47 ----D---- C:\Rooter$
2010-01-21 13:07:37 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-21 12:20:47 ----SHD---- C:\Config.Msi
2010-01-18 05:23:36 ----N---- C:\WINDOWS\{00000005-00000000-00000006-00001102-00000004-20021102}.BAK
2010-01-18 02:10:07 ----D---- C:\Program Files\Trend Micro
2010-01-18 02:00:29 ----D---- C:\Program Files\ERUNT
2010-01-18 01:00:05 ----D---- C:\Program Files\CCleaner
2010-01-18 00:42:47 ----D---- C:\Program Files\Viewpoint
2010-01-16 04:45:48 ----A---- C:\WINDOWS\wininit.ini
2010-01-15 00:14:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-14 23:40:46 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-14 23:40:37 ----D---- C:\Program Files\SUPERAntiSpyware
2010-01-14 23:40:37 ----D---- C:\Documents and Settings\Shawn\Application Data\SUPERAntiSpyware.com
2010-01-14 17:33:12 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2010-01-13 12:24:45 ----D---- C:\Documents and Settings\Shawn\Application Data\ATI
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atitvo32.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atioglxx.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ATIODE.exe
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ATIODCLI.exe
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atimpc32.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atikvmag.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\aticalrt.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\aticaldd.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\aticalcl.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atibtmon.exe
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2010-01-13 12:20:44 ----D---- C:\Program Files\ATI
2010-01-13 12:19:42 ----D---- C:\ATI
2010-01-12 23:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 17:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-30 22:02:28 ----D---- C:\Documents and Settings\Shawn\Application Data\Bioshock
======List of files/folders modified in the last 1 months======
2010-01-21 14:41:40 ----D---- C:\WINDOWS\Prefetch
2010-01-21 14:40:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-21 14:40:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-21 14:37:32 ----D---- C:\WINDOWS\Temp
2010-01-21 14:37:32 ----D---- C:\WINDOWS\system32
2010-01-21 14:37:19 ----D---- C:\Program Files\Mozilla Firefox
2010-01-21 14:36:43 ----D---- C:\WINDOWS
2010-01-21 13:06:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-21 12:20:51 ----SHD---- C:\WINDOWS\Installer
2010-01-21 12:20:49 ----D---- C:\Program Files
2010-01-21 12:20:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-21 12:20:41 ----D---- C:\WINDOWS\system32\drivers
2010-01-21 12:20:41 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-01-21 12:16:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-21 12:15:17 ----HD---- C:\WINDOWS\inf
2010-01-21 12:14:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-18 23:53:32 ----D---- C:\Program Files\Steam
2010-01-18 20:00:00 ----A---- C:\WINDOWS\win.ini
2010-01-18 16:22:12 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-18 16:22:09 ----D---- C:\Program Files\Zoom Player
2010-01-18 05:12:16 ----D---- C:\WINDOWS\ERDNT
2010-01-18 01:02:24 ----D---- C:\WINDOWS\Debug
2010-01-18 01:02:23 ----D---- C:\WINDOWS\Minidump
2010-01-18 00:42:49 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2010-01-17 17:19:11 ----D---- C:\Program Files\iPod
2010-01-16 16:25:30 ----D---- C:\Program Files\Heroes of Newerth
2010-01-15 04:54:45 ----D---- C:\Program Files\Common Files
2010-01-15 03:21:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-15 00:14:25 ----D---- C:\WINDOWS\WinSxS
2010-01-14 23:40:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-14 21:09:02 ----SD---- C:\WINDOWS\Tasks
2010-01-14 20:36:55 ----ASH---- C:\boot.ini
2010-01-14 20:36:55 ----A---- C:\WINDOWS\system.ini
2010-01-14 18:40:49 ----RSD---- C:\WINDOWS\assembly
2010-01-14 18:29:48 ----D---- C:\Program Files\RealMedia
2010-01-13 12:24:47 ----D---- C:\WINDOWS\system32\config
2010-01-13 12:23:51 ----D---- C:\WINDOWS\Help
2010-01-13 12:20:58 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-13 12:19:06 ----D---- C:\WINDOWS\nvidia icons
2010-01-13 12:16:27 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-12 17:32:58 ----D---- C:\WINDOWS\AppPatch
2010-01-04 16:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-30 21:50:05 ----D---- C:\WINDOWS\system32\DirectX
2009-12-29 01:37:51 ----D---- C:\Documents and Settings\Shawn\Application Data\utorrent
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2001-08-23 12160]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-06 56108]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-04-27 8552]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-24 4463104]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-11 78336]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-23 25280]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MayPro;TigerGame SuperJoy Box Pro Filter Service; C:\WINDOWS\System32\Drivers\MayPro.sys [2006-05-05 12160]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-06 47360]
R3 Razerlow;Razerlow USB Filter Driver; C:\WINDOWS\System32\Drivers\Razerlow.sys [2005-04-24 13225]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S3 abqfdoar;abqfdoar; C:\WINDOWS\system32\drivers\abqfdoar.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Shawn\LOCALS~1\Temp\UWD9.tmp []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-08-08 410904]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-05-27 102400]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-24 602112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules