PDA

View Full Version : New Search Engine Redirect Virus



heero
2008-09-15, 19:53
This only occurs on IE6, IE7, and Mozilla Firefox... Google Chrome was thankfully spared and I was able to reach this website.
My Search engine results are being redirected to random spam advert websites on Google.com, Yahoo.com, and possibly more (though these are the only ones i care about) Here is an example of the results:

Spybot Search & Destroy | Anti-spyware Tools Download | PC World
Editor's Review of Spybot Search & Destroy. Though its name sounds like bad dialog from a 60's ... Most recent User Reviews for Spybot Search & Destroy ...
www.monstermarketplace.com/ - 61k - Cached - Similar pages

Notice it sends me to Monstermarketplace.com:oops:

I am computer savvy and have run multiple antivirus programs and scanned the logs of HJT for some sign of a virus and everything looks pretty clean so this thing must be pretty deep. I am out of options...
Please Help!!
Thanks for anything you can do in advance!!



HJT Logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:57 AM, on 9/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
G:\Business Utilities\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Stop-the-Pop-Up\stopthepop.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Hotkey Management\FuncKey.exe
D:\Program Files\Power Manager\PM.exe
D:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AIM\aim.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Apoint2K\Apntex.exe
D:\Program Files\Winamp\winamp.exe
c:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
c:\Program Files\Ahead\nero\nero.exe
G:\Downloads\IE7-WindowsXP-x86-enu.exe
g:\321494be23ce94fcbd18c9\update\iesetup.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
D:\Documents and Settings\RAP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\RAP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\RAP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\System Programs\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Stop-the-Pop-Up\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [FuncKey] "D:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [PowerManager] D:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [Apoint] D:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] D:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: YzDock.lnk = C:\Program Files\YzDock\YzDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - G:\Business Utilities\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - D:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - D:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 8821 bytes

Blade81
2008-09-17, 16:20
Hi

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

heero
2008-09-18, 05:16
hmm definately more in-depth and some interesting results including startupreg - runner1 and WebBuying. I will not remove anything until you advise me to do so - this one is all on you ;D

Logfile of random's system information tool 1.02 (written by random/random)
Run by RAP at 2008-09-17 19:12:12
Microsoft Windows XP Professional Service Pack 2
System drive D: has 928 MB (10%) free of 9 GB
Total RAM: 2047 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:19 PM, on 9/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
G:\Business Utilities\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\Stop-the-Pop-Up\stopthepop.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Hotkey Management\FuncKey.exe
D:\Program Files\Power Manager\PM.exe
D:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AIM\aim.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\YzDock\YzDock.exe
D:\Documents and Settings\RAP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\RAP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Downloads\System Programs\Antivirus\RSIT.exe
C:\Downloads\System Programs\Hijack This\RAP.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Stop-the-Pop-Up\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [FuncKey] "D:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [PowerManager] D:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [Apoint] D:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: YzDock.lnk = C:\Program Files\YzDock\YzDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - G:\Business Utilities\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - D:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - D:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 8310 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sureshotpopupkiller"=C:\Program Files\Stop-the-Pop-Up\stopthepop.exe [2003-05-19 2240512]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"SkyTel"=D:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"FuncKey"=D:\Program Files\Hotkey Management\FuncKey.exe [2006-10-09 139264]
"PowerManager"=D:\Program Files\Power Manager\PM.exe [2006-10-09 151552]
"Apoint"=D:\Program Files\Apoint2K\Apoint.exe [2006-10-02 151552]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2006-08-16 7585792]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=D:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"amd_dc_opt"=D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
"AIM"=C:\PROGRA~1\AIM\aim.exe [2005-08-05 67160]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-04-23 228088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
D:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2007-06-21 1318912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
D:\Program Files\Web Buying\v1.8.5\webbuying.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2007-09-28 295606]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Acrobat\ADOBEC~1.EXE [2006-10-22 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winamp.lnk]
D:\PROGRA~1\Winamp\winamp.exe [2008-08-03 1345376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^RAP^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2007-09-04 557568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^RAP^Start Menu^Programs^Startup^Winamp.lnk]
C:\Program Files\Winamp\winamp.exe []

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

D:\Documents and Settings\RAP\Start Menu\Programs\Startup
YzDock.lnk - C:\Program Files\YzDock\YzDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{DB0A0B68-2F3C-51D2-A901-9381E136D21A}"=D:\WINDOWS\system32\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
D:\WINDOWS\system32\rqrspqpo

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\EA GAMES\Battlefield 2\bf2_w32ded.exe"="C:\Program Files\EA GAMES\Battlefield 2\bf2_w32ded.exe:*:Enabled:bf2_w32ded"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Steam\SteamApps\heero@zeroxfactor.com\counter-strike\hl.exe"="C:\Program Files\Steam\SteamApps\heero@zeroxfactor.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Sierra\FEAR\FEAR.exe"="C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\Program Files\Sierra\FEAR\FEARMP.exe"="C:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR"
"C:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe"="C:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe:*:Enabled:FEARXP"
"G:\Games\Halo\halo.exe"="G:\Games\Halo\halo.exe:*:Enabled:Halo"
"G:\Games\Battlefield 2142\BF2142.exe"="G:\Games\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2"
"G:\Joint Operations Typhoon Rising\UPDATE.EXE"="G:\Joint Operations Typhoon Rising\UPDATE.EXE:*:Enabled:UPDATE"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\WINDOWS\system32\PnkBstrA.exe"="D:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"D:\WINDOWS\system32\PnkBstrB.exe"="D:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\WINDOWS\system32\urojbhak.exe"="D:\WINDOWS\system32\uro"
"C:\Program Files\Steam\SteamApps\heero@zeroxfactor.com\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\heero@zeroxfactor.com\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\BitPim\bitpimw.exe"="C:\Program Files\BitPim\bitpimw.exe:*:Enabled:Open Source Mobile Phone Tool"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\Steam\SteamApps\heero@zeroxfactor.com\source sdk base\hl2.exe"="C:\Program Files\Steam\SteamApps\heero@zeroxfactor.com\source sdk base\hl2.exe:*:Enabled:hl2"
"D:\Program Files\Internet Explorer\IEXPLORE.EXE"="D:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"G:\Games\EA GAMES\Battlefield Vietnam\bfvietnam.exe"="G:\Games\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam"
"G:\Ares Destiny\Ares.exe"="G:\Ares Destiny\Ares.exe:*:Disabled:Ares p2p for windows"
"D:\Program Files\Roxio\Media Manager 9\MediaManager9.exe"="D:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module"
"G:\Business Utilities\Autodesk\Backburner\monitor.exe"="G:\Business Utilities\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"G:\Business Utilities\Autodesk\Backburner\manager.exe"="G:\Business Utilities\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"G:\Business Utilities\Autodesk\Backburner\server.exe"="G:\Business Utilities\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"G:\Business Utilities\Autodesk\3ds Max 2008\3dsmax.exe"="G:\Business Utilities\Autodesk\3ds Max 2008\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2008 32-bit"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"G:\Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="G:\Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\PrinterDrivers\setup\HPZnet01.exe"="D:\PrinterDrivers\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"D:\PrinterDrivers\setup\hponicifs01.exe"="D:\PrinterDrivers\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"D:\WINDOWS\system32\spoolsv.exe"="D:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Downloads\System Programs\StubInstaller.exe"="C:\Downloads\System Programs\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e4bb5a-9aba-11dc-8922-00140b07ee14}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cff47e50-6575-11dd-8a65-00140b07ee14}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-09-17 19:12:12 ----D---- D:\rsit
2008-09-14 22:16:05 ----D---- D:\!KillBox
2008-09-14 21:43:09 ----D---- D:\fixwareout
2008-09-07 22:08:57 ----A---- D:\WINDOWS\SchedLgU.Txt
2008-09-07 21:06:12 ----D---- D:\WINDOWS\WBEM
2008-09-07 21:06:11 ----D---- D:\WINDOWS\system32\en-US
2008-09-07 21:04:27 ----HDC---- D:\WINDOWS\ie7
2008-09-07 21:04:09 ----HDC---- D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-09-07 21:03:39 ----HDC---- D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-09-07 21:02:31 ----HDC---- D:\WINDOWS\$NtUninstallKB915865$
2008-09-07 21:02:31 ----HD---- D:\WINDOWS\$hf_mig$
2008-09-07 21:02:24 ----N---- D:\WINDOWS\system32\xmllite.dll
2008-08-24 18:49:18 ----A---- D:\WINDOWS\system32\~.exe
2008-08-21 00:44:06 ----D---- D:\Program Files\EA GAMES
2008-08-20 23:44:32 ----A---- D:\WINDOWS\iun6002.exe
2008-08-20 23:42:05 ----A---- D:\WINDOWS\DesertCombat Setup Log.txt
2008-08-20 22:09:08 ----D---- D:\Documents and Settings\RAP\Application Data\LimeWire
2008-08-20 15:00:40 ----A---- D:\WINDOWS\system32\msonpmon.dll
2008-08-20 14:57:38 ----D---- D:\Program Files\Microsoft Works
2008-08-20 14:57:14 ----D---- D:\Program Files\MSBuild
2008-08-20 14:56:27 ----D---- D:\Program Files\Microsoft Visual Studio
2008-08-20 14:56:26 ----D---- D:\Program Files\Common Files\DESIGNER
2008-08-20 14:54:58 ----D---- D:\Program Files\Microsoft.NET
2008-08-20 14:49:34 ----D---- D:\Program Files\Microsoft Visual Studio 8
2008-08-20 14:48:20 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help

======List of files/folders modified in the last 1 months======

2008-09-17 19:12:05 ----D---- D:\WINDOWS\Prefetch
2008-09-17 19:10:05 ----D---- D:\WINDOWS\Temp
2008-09-17 19:03:42 ----SHD---- D:\WINDOWS\CSC
2008-09-17 08:50:51 ----A---- D:\WINDOWS\NeroDigital.ini
2008-09-17 01:04:12 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 00:30:50 ----D---- D:\WINDOWS\system32\CatRoot2
2008-09-16 22:28:30 ----SHD---- D:\WINDOWS\Installer
2008-09-16 22:28:23 ----SHD---- D:\Config.Msi
2008-09-16 22:28:23 ----D---- D:\Program Files\Java
2008-09-16 22:28:22 ----D---- D:\Program Files\Common Files
2008-09-16 22:28:08 ----D---- D:\WINDOWS\system32
2008-09-16 12:08:19 ----D---- D:\Documents and Settings\RAP\Application Data\uTorrent
2008-09-15 23:29:41 ----D---- D:\WINDOWS
2008-09-15 09:28:08 ----HD---- D:\WINDOWS\inf
2008-09-15 09:28:04 ----D---- D:\WINDOWS\system32\CatRoot
2008-09-14 23:08:11 ----RD---- D:\Program Files
2008-09-14 23:08:10 ----D---- D:\WINDOWS\system32\drivers
2008-09-14 21:50:39 ----SHD---- D:\System Volume Information
2008-09-14 21:50:39 ----D---- D:\WINDOWS\system32\Restore
2008-09-14 16:52:36 ----RSHDC---- D:\WINDOWS\system32\dllcache
2008-09-07 22:08:41 ----D---- D:\WINDOWS\Help
2008-09-07 22:08:41 ----D---- D:\Program Files\Internet Explorer
2008-09-07 21:06:22 ----A---- D:\WINDOWS\imsins.BAK
2008-09-07 21:06:18 ----D---- D:\WINDOWS\system32\config
2008-09-07 21:06:01 ----D---- D:\WINDOWS\Media
2008-09-07 20:59:06 ----D---- D:\WINDOWS\Cursors
2008-09-07 20:59:05 ----D---- D:\Program Files\Windows NT
2008-09-07 15:35:32 ----A---- D:\WINDOWS\wininit.ini
2008-09-05 17:25:37 ----SD---- D:\WINDOWS\Tasks
2008-08-25 22:51:18 ----D---- D:\Documents and Settings\RAP\Application Data\Mozilla
2008-08-24 21:07:02 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-24 18:53:06 ----A---- D:\WINDOWS\win.ini
2008-08-24 18:53:06 ----A---- D:\WINDOWS\system.ini
2008-08-20 22:33:49 ----HD---- D:\Program Files\InstallShield Installation Information
2008-08-20 22:09:55 ----D---- D:\Documents and Settings
2008-08-20 21:04:54 ----D---- D:\WINDOWS\system32\wbem
2008-08-20 21:04:52 ----D---- D:\WINDOWS\Registration
2008-08-20 20:48:58 ----D---- D:\Program Files\Common Files\Microsoft Shared
2008-08-20 15:30:54 ----SD---- D:\Documents and Settings\RAP\Application Data\Microsoft
2008-08-20 15:07:03 ----D---- D:\WINDOWS\SHELLNEW
2008-08-20 15:06:37 ----D---- D:\Program Files\Common Files\System
2008-08-20 15:00:57 ----RSD---- D:\WINDOWS\assembly
2008-08-20 14:55:27 ----RSD---- D:\WINDOWS\Fonts
2008-08-20 13:19:59 ----D---- D:\Documents and Settings\RAP\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 kbdhid;Keyboard HID Driver; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; D:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 WINIO;WINIO; \??\D:\WINDOWS\system32\WinIo.sys []
R3 AmdLLD;AMD Low Level Device Driver; D:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 ApfiltrService;Alps Pointing-device Filter Driver; D:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2006-09-25 113152]
R3 AR5211;Atheros Wireless Network Adapter Service; D:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-03-22 488992]
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 btaudio;Bluetooth Audio Device; D:\WINDOWS\system32\drivers\btaudio.sys [2006-06-07 329901]
R3 BTKRNL;Bluetooth Bus Enumerator; D:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-06-07 855018]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEARAspiWDM; D:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 HSF_DPV;HSF_DPV; D:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2006-02-07 935424]
R3 HSXHWAZL;HSXHWAZL; D:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2006-02-07 196608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; D:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-04 92544]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-16 3687008]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; D:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-05-09 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; D:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-05-09 13184]
R3 nvsmu;nvsmu; D:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 11136]
R3 RimVSerPort;RIM Virtual Serial Port v2; D:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 StillCam;Still Serial Digital Camera Driver; D:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 winachsf;winachsf; D:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2006-02-07 672256]
S3 BTDriver;Bluetooth Virtual Communications Driver; D:\WINDOWS\system32\DRIVERS\btport.sys [2006-06-07 30459]
S3 BTWDNDIS;Bluetooth LAN Access Server; D:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-06-07 149028]
S3 btwhid;btwhid; D:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-06-07 47811]
S3 btwmodem;Bluetooth Modem; D:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-06-07 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; D:\WINDOWS\System32\Drivers\btwusb.sys [2006-06-07 67384]
S3 nm;Network Monitor Driver; D:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 RimUsb;BlackBerry Device; D:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); D:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbbus;LGE CDMA Composite USB Device; D:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2004-05-03 20092]
S3 UsbDiag;LGE CDMA USB Serial Port; D:\WINDOWS\system32\DRIVERS\lgUsbDiag.sys [2004-05-03 39136]
S3 USBModem;LGE CDMA USB Modem; D:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2004-05-03 41664]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; D:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2008-06-24 716272]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Licensing Service;Autodesk Licensing Service; D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-02-08 79360]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; D:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-06-07 266295]
R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit; G:\Business Utilities\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe [2007-09-24 65536]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2006-08-16 143426]
R2 Pml Driver HPZ12;Pml Driver HPZ12; D:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2007-11-08 66872]
R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; D:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-04-22 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9; D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-04-23 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-23 166648]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-08 654848]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; D:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-04-22 88824]
S3 RoxMediaDB9;RoxMediaDB9; D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-23 1010424]
S4 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]

-----------------EOF-----------------


Info.txt
High Definition Audio Driver Package - KB888111-->"D:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Downloads\System Programs\Hijack This\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 2.0 (KB918842)-->D:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {5FD48194-AD97-46A1-ABDB-12FC85916742} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Hotfix for Windows XP (KB915865)-->"D:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotkey 1.1.7-->"D:\Program Files\Hotkey Management\unins000.exe"
HP PSC & Officejet 5.3.B Corporate Edition-->"D:\Program Files\HP\Digital Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe" -datfile hposcr07.dat
ImgBurn-->"c:\Program Files\ImgBurn\uninstall.exe"
Insurgency ( Remove only)-->"c:\program files\steam\SteamApps\SourceMods\Insurgency\uninstall.exe"
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
LG USB Modem driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9
LimeWire 4.18.5-->"c:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.5 (build 0261)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.5.79-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Matroska Pack-->C:\Program Files\Matroska Pack\uninstall.exe
Microsoft .NET Framework 2.0-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Halo Custom Edition-->"G:\Games\Halo Custom Edition\Uninstal.exe" /runtemp /addremove
Microsoft Halo-->"G:\Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"D:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Nations at War-->"c:\Program Files\EA GAMES\Battlefield 2\mods\naw\Uninstall\MOD\N.A.W 5.0 uninstall.exe" "/U:c:\Program Files\EA GAMES\Battlefield 2\mods\naw\Uninstall\MOD\uninstall N.A.W 5.0.xml"
Nero 6 Enterprise Edition-->c:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NoteBurner 1.24-->"D:\Program Files\NoteBurner\unins000.exe"
NVIDIA Drivers-->D:\WINDOWS\system32\nvudisp.exe UninstallGUI
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Peggle Extreme-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3483
PoE:2 v2.1.0.0-->c:\Program Files\EA GAMES\Battlefield 2\mods\poe2\uninstall.exe
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
Power Manager 2.1.4-->"D:\Program Files\Power Manager\unins000.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PunkBuster for Battlefield 1942-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{127B684B-A002-44C8-99A7-6CF8F1E26873}\setup.exe" -l0x9
PunkBuster for Battlefield Vietnam-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x9
PunkBuster for Joint Operations: Typhoon Rising-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}\setup.exe" -l0x9
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Real Alternative 1.60-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
River Past 3GP Booster Pack-->D:\WINDOWS\3GP Booster Pack Uninstaller.exe
River Past Audio Converter Pro-->D:\WINDOWS\Audio Converter Pro Uninstaller.exe
River Past MOV Booster Pack-->D:\WINDOWS\MOV Booster Pack Uninstaller.exe
River Past PlayDV-->D:\WINDOWS\PlayDV Uninstaller.exe
River Past Video Cleaner Pro-->D:\WINDOWS\Video Cleaner Pro Uninstaller.exe
River Past Video Slice-->D:\WINDOWS\Video Slice Uninstaller.exe
River Past Web Slides-->D:\WINDOWS\Web Slides Uninstaller.exe
Roxio Media Manager-->MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Sony Vegas Movie Studio Platinum 8.0-->MsiExec.exe /X{987B8E44-5E06-48A5-9745-46EB2B8A3CB0}
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy 1.5.2.20-->"D:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tactical Ops 3.1.5 MOD-->G:\Games\UNREAL~1\UNWISE.EXE G:\Games\UNREAL~1\INSTALL.LOG
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{AF131494-F5D8-45C5-938C-D5F020CF1B0D}\setup.exe" -l0x9
Turbo Squid Tentacles 3ds Max 2008-->MsiExec.exe /X{72019134-3A61-4C39-A540-245600C4CDFA}
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
Unreal Tournament 2004-->G:\Games\UT2004\System\Setup.exe uninstall "UT2004"
Unreal Tournament G.O.T.Y. Edition-->G:\Games\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Video Edit Magic 4.14-->"C:\Program Files\Deskshare\Video Edit Magic 4.1\unins000.exe"
Viewpoint Media Player-->D:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WebShot-->"C:\Program Files\WebShot\unins000.exe"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Winamp-->"D:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->D:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u D:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Installer 3.1 (KB893803)-->"D:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"D:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 9 Hotfix - KB892313-->"D:\WINDOWS\$NtUninstallKB892313$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wireless LAN Driver Installation Program-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D90E672A-CC7E-4CDF-82CB-4CC0465BDC91}\setup.exe" -l0x9 -removeonly
WM Recorder 12.1-->C:\Program Files\WMR11\Uninstal.exe
XviD 1.1 final uninstall-->"D:\Program Files\XviD\unins000.exe"

======Hosts File======

127.0.0.1 localhost

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\Common Files\Roxio Shared\DLLShared\;D:\Program Files\Common Files\Roxio Shared\DLLShared\;D:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;G:\Business Utilities\Autodesk\Backburner\;D:\Program Files\Common Files\Autodesk Shared\;D:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=4802
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"RoxioCentral"=D:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;D:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

heero
2008-09-18, 06:50
Let me add that after i click on google.com it says in the bottom left of my browser:

"waiting for 78.157.142.58"
and "transferring data from 78.157.142.58"

looks like it is routing me to another ip address? or is this standard for google?

heero
2008-09-18, 06:57
NEW NEWS!!
Installed "NoScript" on Firefox and limited google to partially allow javascript and firefox no longer redirected my search results - problem fixed on firefox.

anyways this means that the issue is a deep javascript issue... should i delete javascript and remove any remains from my hard drive? Hopefully i can find a noscript sort of thing for IE7 since my job requires me to use both browsers...

heero
2008-09-18, 07:05
anyways I have been doing a lot of self-discovery and found that if I added www.google.com to my IE7 list of Restricted Sites, it would not allow javascript to run on the site and my results were all genuine.
Once again this doesnt solve the problem of what is going on with my system but it does prove that the problem is with java.
Thanks!:snorkle:

Blade81
2008-09-18, 07:54
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


LimeWire 4.18.5


I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Delete these folders afterwards (if still exist):

C:\Program Files\Azureus
C:\Program Files\uTorrent
C:\Program Files\LimeWire
D:\Documents and Settings\RAP\Application Data\LimeWire
D:\Documents and Settings\RAP\Application Data\uTorrent

and files:
C:\StubInstaller.exe
C:\Downloads\System Programs\StubInstaller.exe


Empty Recycle Bin.

After that:

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

heero
2008-09-18, 10:07
ComboFix 08-09-16.05 - RAP 2008-09-17 23:46:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1509 [GMT -8:00]
Running from: C:\Downloads\System Programs\Antivirus\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\RAP\Application Data\SEMBLY~1
D:\Documents and Settings\RAP\Application Data\SEMBLY~1\??sembly\
D:\Program Files\AntiVirusPro
D:\Program Files\Common Files\icroso~1.net
D:\WINDOWS\BM13f4ae9f.txt
D:\WINDOWS\system32\__c0097CD1.dat
D:\WINDOWS\system32\~.exe
D:\WINDOWS\system32\a1
D:\WINDOWS\system32\boirnecn.dllbox
D:\WINDOWS\system32\ccs.so
D:\WINDOWS\system32\efcDUmkI(2).dll
D:\WINDOWS\system32\ehkmp.bak1
D:\WINDOWS\system32\ehkmp.bak2
D:\WINDOWS\system32\FNqtvyxx.ini2
D:\WINDOWS\system32\g2
D:\WINDOWS\system32\gh.l
D:\WINDOWS\system32\h1
D:\WINDOWS\system32\hljwugsf.bin
D:\WINDOWS\system32\jtuvgczt.dllbox
D:\WINDOWS\system32\llkkj.bak1
D:\WINDOWS\system32\llkkj.tmp
D:\WINDOWS\system32\mn.n
D:\WINDOWS\system32\MSINET.oca
D:\WINDOWS\system32\nnnKaBsS(2).dll
D:\WINDOWS\system32\ntpl.bin
D:\WINDOWS\system32\opqpsrqr.ini
D:\WINDOWS\system32\opqpsrqr.ini2
D:\WINDOWS\system32\pac.txt
D:\WINDOWS\system32\r2
D:\WINDOWS\system32\setup.exe.tmp
D:\WINDOWS\system32\tzqvrvkf.dllbox
D:\WINDOWS\system32\yl.po

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.

2008-09-17 19:12 . 2008-09-17 19:12 <DIR> d-------- D:\rsit
2008-09-14 22:16 . 2008-09-17 20:18 <DIR> d-------- D:\!KillBox
2008-09-14 21:43 . 2008-09-14 21:49 <DIR> d-------- D:\fixwareout
2008-09-07 21:02 . 2008-09-07 21:02 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-08-24 18:15 . 2008-09-16 11:51 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-08-24 18:15 . 2008-08-24 18:15 1,409 --a------ D:\WINDOWS\QTFont.for
2008-08-21 00:44 . 2008-08-21 00:44 <DIR> d-------- D:\Program Files\EA GAMES
2008-08-20 22:10 . 2008-09-05 18:46 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\LimeWire
2008-08-20 22:09 . 2008-09-05 17:31 <DIR> d-------- D:\Documents and Settings\RAP\Application Data\LimeWire
2008-08-20 22:09 . 2008-08-20 22:09 <DIR> d-------- D:\Documents and Settings\Administrator
2008-08-20 14:57 . 2008-08-20 14:57 <DIR> d-------- D:\Program Files\MSBuild
2008-08-20 14:57 . 2008-08-20 14:57 <DIR> d-------- D:\Program Files\Microsoft Works
2008-08-20 14:54 . 2008-08-20 14:54 <DIR> d-------- D:\Program Files\Microsoft.NET
2008-08-20 14:49 . 2008-08-20 14:49 <DIR> d-------- D:\Program Files\Microsoft Visual Studio 8
2008-08-20 14:48 . 2008-08-20 21:00 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 04:16 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 06:28 --------- d-----w D:\Program Files\Java
2008-08-25 05:07 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-21 06:33 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-08-17 21:26 --------- d-----w D:\Documents and Settings\RAP\Application Data\Winamp
2008-08-09 20:54 --------- d-----w D:\Program Files\Hewlett-Packard
2008-08-09 20:54 --------- d-----w D:\Program Files\Common Files\Hewlett-Packard
2008-08-09 20:29 --------- d-----w D:\Program Files\HP
2008-08-09 17:53 --------- d-----w D:\Program Files\Winamp
2008-08-08 23:06 --------- d-----w D:\Documents and Settings\RAP\Application Data\U3
2008-08-02 05:25 --------- d-----w D:\Documents and Settings\RAP\Application Data\vlc
2008-07-31 03:56 --------- d-----w D:\Documents and Settings\RAP\Application Data\Logitech(2)
2008-07-31 03:32 0 ---ha-w D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-31 03:32 0 ---ha-w D:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-30 00:01 --------- d-----w D:\Program Files\Citrix
2008-07-22 21:10 --------- d-----w D:\Documents and Settings\RAP\Application Data\IrfanView
2008-07-14 21:01 111,928 ----a-w D:\WINDOWS\system32\PnkBstrB.exe
2008-07-03 19:59 161,260 ----a-w D:\WINDOWS\Audio Converter Pro Uninstaller.exe
2007-11-08 01:20 22,328 -c--a-w D:\Documents and Settings\RAP\Application Data\PnkBstrK.sys
1990-01-01 01:01 40,960 --sh--r D:\WINDOWS\system32\KcrnadDrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2005-08-05 67160]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FuncKey"="D:\Program Files\Hotkey Management\FuncKey.exe" [2006-10-09 139264]
"PowerManager"="D:\Program Files\Power Manager\PM.exe" [2006-10-09 151552]
"Apoint"="D:\Program Files\Apoint2K\Apoint.exe" [2006-10-02 151552]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-08-16 7585792]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"amd_dc_opt"="D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 D:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 D:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-08-16 D:\WINDOWS\system32\nwiz.exe]

D:\Documents and Settings\RAP\Start Menu\Programs\Startup\
YzDock.lnk - C:\Program Files\YzDock\YzDock.exe [2003-06-03 386560]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-06-07 553021]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"vidc.vp31"= vp31vfw.dll
"msacm.ac3filter"= ac3filter.acm
"aux2"= sysaudio.sys

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=D:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=D:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winamp.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Winamp.lnk
backup=D:\WINDOWS\pss\Winamp.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^RAP^Start Menu^Programs^Startup^MagicDisc.lnk]
path=D:\Documents and Settings\RAP\Start Menu\Programs\Startup\MagicDisc.lnk
backup=D:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^RAP^Start Menu^Programs^Startup^Winamp.lnk]
path=D:\Documents and Settings\RAP\Start Menu\Programs\Startup\Winamp.lnk
backup=D:\WINDOWS\pss\Winamp.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 19:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
--a------ 2007-07-23 08:06 77824 D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 20:37 413696 D:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a--c--- 2007-04-23 11:43 228088 D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-06-21 11:06 1318912 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sureshotpopupkiller]
--a------ 2003-05-19 14:55 2240512 C:\Program Files\Stop-the-Pop-Up\stopthepop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AirPort Base Station Agent"="C:\Program Files\AirPort\APAgent.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Steam\\SteamApps\\edit@edit.com\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
"G:\\Games\\Halo\\halo.exe"=
"G:\\Games\\Battlefield 2142\\BF2142.exe"=
"D:\\WINDOWS\\system32\\PnkBstrA.exe"=
"D:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\SteamApps\\edit@edit.com\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\BitPim\\bitpimw.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Steam\\SteamApps\\edit@edit.com\\source sdk base\\hl2.exe"=
"G:\\Games\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"D:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"G:\\Business Utilities\\Autodesk\\Backburner\\monitor.exe"=
"G:\\Business Utilities\\Autodesk\\Backburner\\manager.exe"=
"G:\\Business Utilities\\Autodesk\\Backburner\\server.exe"=
"G:\\Business Utilities\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"G:\\Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\PrinterDrivers\\setup\\HPZnet01.exe"=
"D:\\PrinterDrivers\\setup\\hponicifs01.exe"=
"D:\\WINDOWS\\system32\\spoolsv.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour

R0 ntcdrdrv;ntcdrdrv;D:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys [2007-02-26 13184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e4bb5a-9aba-11dc-8922-00140b07ee14}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cff47e50-6575-11dd-8a65-00140b07ee14}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{DB0A0B68-2F3C-51D2-A901-9381E136D21A} - (no file)
MSConfigStartUp-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe
MSConfigStartUp-SunJavaUpdateSched - D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\RAP\Application Data\Mozilla\Firefox\Profiles\d98umbon.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
FF -: plugin - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
FF -: plugin - D:\Documents and Settings\RAP\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.

**************************************************************************

disk not found G:\

please note that you need administrator rights to perform deep scan
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 23:52:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
G:\Business Utilities\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Apoint2K\ApntEx.exe
.
**************************************************************************
.
Completion time: 2008-09-17 23:56:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-18 07:55:41

Pre-Run: 854,011,904 bytes free
Post-Run: 768,065,536 bytes free

257




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:05 AM, on 9/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
G:\Business Utilities\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Hotkey Management\FuncKey.exe
D:\Program Files\Power Manager\PM.exe
D:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AIM\aim.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\YzDock\YzDock.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\RAP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Downloads\System Programs\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [FuncKey] "D:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [PowerManager] D:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [Apoint] D:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: YzDock.lnk = C:\Program Files\YzDock\YzDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - G:\Business Utilities\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - D:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - D:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 8134 bytes

Blade81
2008-09-18, 17:36
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



Folder::
D:\Documents and Settings\Administrator\Application Data\LimeWire
D:\Documents and Settings\RAP\Application Data\LimeWire



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleanerİ by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



* Go here (http://www.eset.eu/online-scanner) to run an online scannner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is un-checked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic, along with a new HijackThis log and above meantioned ComboFix resultant log & a description of any remaining problems

Blade81
2008-09-25, 23:27
Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.