Need help with hijackthis log file



Woomera
2008-10-12, 23:56
I've been experiencing some random resets on my Vista x64 Ultimate lately. So far I have:
1. Checked the system with KIS 2009 (up-to-date)
2. Checked the system with Spybot (up-to-date)
3. Checked the system with Ad-Aware (up-to-date)
4. Ran SFC /SCANNOW

And so far no luck. So today I ran HijackThis and got the following information. I seem to have many files missing from different services but don't know why SFC couldn't find anything.
I'd really appreciate it if anyone could help out with this...

HijackThis log (scanned after I quit all my software):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:40 PM, on 10/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Download\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=193.251.135.116:8080;http=193.251.135.116:8080;https=193.251.135.116:8080;socks=193.251.135.116:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;192.168.150.0;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\ObjectDock\ObjectDock.exe
O4 - Global Startup: Server4PC.lnk = D:\Program Files\TechniSat\bin\Server4PC.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Woomera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Woomera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O20 - AppInit_DLLs: D:\PROGRA~2\KASPER~1\mzvkbd.dll,D:\PROGRA~2\KASPER~1\mzvkbd3.dll,D:\PROGRA~2\KASPER~1\adialhk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ezProxy - Unknown owner - D:\Program Files\ezProxy\ezEngine.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9587 bytes

Shaba
2008-10-13, 11:53
Hi Woomera

Missing services are due to Vista 64-bit; it is a HijackThis bug.

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Woomera
2008-10-13, 19:45
Thanks for the reply,
here is the Info.txt content:

info.txt logfile of random's system information tool 1.04 2008-10-13 20:11:42

======Uninstall list======

@BIOS -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Absolute Poker-->c:\Poker Application\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
ACDSee Pro 2-->MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{A4464AC3-D85E-4649-8748-706191063DF6}
Adobe Asset Services CS3-->MsiExec.exe /I{7302810D-7ACF-4339-B27B-57016CAADDCD}
Adobe Bridge CS3-->MsiExec.exe /I{FABA59CC-347B-478B-B2A7-37BF0885CACB}
Adobe Bridge Start Meeting-->MsiExec.exe /I{CE52110A-7773-444F-9E5D-4A45E4792DB6}
Adobe Camera Raw 4.0-->MsiExec.exe /I{AED353B9-E6D7-406F-B007-2C55C5265EB3}
Adobe CMaps-->MsiExec.exe /I{D8FC8E35-D397-4C16-87AE-141A625221E4}
Adobe Default Language CS3-->MsiExec.exe /I{D446BA40-1F5F-44EB-A794-0AC14F809C79}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{F36CFE58-47C0-4D75-995B-E0172563FA83}
Adobe Flash Player Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{162DDD86-C087-4E59-B7A8-0C1D8F884A9A}
Adobe Help Viewer 1.1-->MsiExec.exe /I{F3697BA5-C8D8-4925-ACCA-F486C76BAD33}
Adobe Linguistics CS3-->MsiExec.exe /I{E5C28906-EC86-404E-BB4F-6AB2590451FF}
Adobe PDF Library Files-->MsiExec.exe /I{91D829E6-F1D1-433F-861F-0552DFED0EAD}
Adobe Photoshop CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{F32F1F7C-322D-46B9-B69A-5C3EDC88B74C}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{CBF7A9A4-C0D4-4BA0-8991-C9B7D90A5298}
Adobe Stock Photos CS3-->MsiExec.exe /I{73B79E83-490B-460D-B0D6-2C7B73980325}
Adobe Type Support-->MsiExec.exe /I{A78A65E4-1D88-477A-83B4-3EC540F6A55A}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{BF18C55F-791F-4C17-AB75-E397EE01C14B}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{51DC4D9C-F729-48A7-9CE0-BC77529ECCA2}
Adobe XMP Panels CS3-->MsiExec.exe /I{F0CF6455-EDD8-41C6-A96A-223874E660CC}
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AIMP2-->D:\Program Files\AIMP\UnInstall.exe
AnalogX Proxy-->D:\Program Files\AnalogX\Proxy\proxyu.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Free 3.5-->"D:\Program Files\a-squared Free\unins000.exe"
Beyond TV DVD Burning Foundation-->MsiExec.exe /I{C29B13CC-F0C5-4973-8980-2BCDC7C44E39}
BurnAware Free 2.1.2-->"D:\Program Files\BurnAware Free\unins000.exe"
Chronograph 6.0-->"D:\Program Files\Chronograph\unins000.exe"
Dawn of War - Soulstorm-->"C:\Program Files (x86)\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly
DivX Codec-->D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->D:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DMIView B06.1227.01-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}\setup.exe" -l0x9 -removeonly
DVBViewer Technisat Edition-->"C:\Program Files (x86)\DVBViewerTE\unins000.exe"
Easy Tune 6 B08.0516.2-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
EMCO UnLock IT-->"D:\Program Files\UnLock IT\unins000.exe"
Energy Saver Advance B8.0520.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7ED169D4-5053-4166-93DF-53B12AE6C539}\setup.exe" -l0x9 -removeonly
ezProxy-->"D:\Program Files\ezProxy\unins000.exe"
ffdshow [rev 1723] [2007-12-24]-->"D:\Program Files\ffdshow\unins000.exe"
Fraps (remove only)-->"D:\Program Files\Fraps\uninstall.exe"
Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
HijackThis 2.0.2-->"D:\Download\HijackThis.exe" /uninstall
HoverIP v1.0 beta-->"D:\Program Files\HoverIP\unins000.exe"
ICQ 5.1-->D:\Program Files\ICQLite\ICQLiteUninstall.EXE
Internet Download Manager-->D:\Program Files\Internet Download Manager\Uninstall.exe
InterVideo WinDVR 3-->"C:\Program Files (x86)\InstallShield Installation Information\{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}\setup.exe" REMOVEALL
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Logitech SetPoint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
LogMeIn-->MsiExec.exe /I{E256842C-AD14-4BDC-87B2-B3A4A7037837}
MainConcept DTV Decoder Standard-->MsiExec.exe /I{059A00AC-1205-423C-91C7-7E6168D804DA}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Miranda IM 0.7.10-->D:\Program Files\Miranda IM\Uninstall.exe
Mozilla Firefox (3.0.3)-->D:\Program Files\Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetLimiter 2 Pro (remove only)-->"C:\Program Files\NetLimiter 2 Pro\nl2uninst.exe"
Nmap 4.62-->"D:\Program Files\Nmap\uninstall.exe"
ObjectDock-->D:\PROGRA~2\OBJECT~1\UNWISE.EXE D:\PROGRA~2\OBJECT~1\INSTALL.LOG
OpenAL-->"C:\Program Files (x86)\OpenAL\OalinstGridRelease.exe" /U
OPENSKY Connection Manager 1.0-->"C:\Program Files (x86)\OPENSKY Connection Manager\unins000.exe"
OpenSSL 0.9.8g Light-->"C:\OpenSSL\unins000.exe"
Opera 9.60-->MsiExec.exe /X{D2F5287E-5F0E-447B-9157-B08AA4E2AC76}
PageNest-->"D:\Program Files\PageNest\unins000.exe"
phpDesigner 2008 version 6.0.0-->"D:\Program Files\phpDesigner 2008\unins000.exe"
Picasa 3-->"D:\Program Files\Picasa3\Uninstall.exe"
PL-2303 Vista Driver Installer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}\setup.exe" -l0x9 -removeonly
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -l0x000409 /z-uninstall
ProgDVB-->D:\Program Files\ProgDVB\uninstall.exe
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
R-Drive Image (remove only)-->"D:\Program Files\R-Drive\R-DriveImage-uninstaller.exe"
Real Alternative 1.7.5-->"D:\Program Files\Real Alternative\unins000.exe"
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Remove NGO Driver Installation Files-->C:\Windows\unvise32.exe C:\Program Files (x86)\NGO NVIDIA Optimized Driver v1.16925\uninstal.log
RocketDock 1.3.5-->"D:\Program Files\RocketDock\unins000.exe"
S.T.A.L.K.E.R. - Clear Sky [v1.0004]-->"E:\S.T.A.L.K.E.R. - Clear Sky\unins000.exe"
SatTorrent NG 1.1rc3-->"D:\Program Files\SattorrentNG\unins000.exe"
Shareaza 2.3.1.0-->"D:\Program Files\Shareaza\Uninstall\unins000.exe"
SnapStream Beyond TV 4.8.1-->"D:\Program Files\Beyond TV\uninstall-btv.exe"
SnapStream Firefly Mini 1.0.2-->"C:\Program Files (x86)\SnapStream Media\Firefly Mini\Uninstall.exe"
Spiceworks-->D:\Program Files\Spiceworks\uninst.exe
Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
TechniSat DVB-PC TV Star-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D032A7F0-8B5C-4603-8B46-235025D5F9C1}\setup.exe" -l0x9 anything -removeonly
Technisat DVB-VC80 Redistributable Modules-->MsiExec.exe /I{134007CC-7026-46C2-B46F-40D9FD2AF385}
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
UltraISO Premium V9.3-->"D:\Program Files\UltraISO\unins000.exe"
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6e-->D:\Program Files\VLC\uninstall.exe
Visual Studio 2005 Redist Package-->MsiExec.exe /I{D8C2C5B1-1A88-4B87-9116-59D082B1CE30}
winpcap-nmap 4.02-->"D:\Program Files\WinPcap\uninstall.exe"
winpwn-2.5 2.5.0.0-->D:\Program Files\winpwn-2.5\uninstall winpwn-2.5.exe
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
WinSCP 4.1.6-->"D:\Program Files\WinSCP\unins000.exe"
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xilisoft Video Converter Ultimate-->D:\Program Files\Xilisoft Video Converter Ultimate\Uninstall.exe
XnView 1.91.1-->"D:\Program Files\XnView\unins000.exe"

======Hosts File======

127.255.255.255 serial.alcohol-soft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: Kaspersky Internet Security
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender
AS: Kaspersky Internet Security

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\WINDOWS\SYSTEM32;D:\PROGRA~2\VIRTUA~1\DVDCRE~1;C:\Program Files\Microsoft Network Monitor 3\;D:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"OPENSSL_CONF"=C:\OpenSSL\bin\openssl.cnf
"CLASSPATH"=.;D:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=D:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Woomera
2008-10-13, 19:46
And here is the log.txt content:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Woomera at 2008-10-13 20:10:59
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 34 GB (52%) free of 65 GB
Total RAM: 4094 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:40 PM, on 10/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\TechniSat\bin\Server4PC.exe
D:\Program Files\ObjectDock\ObjectDock.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\TechniSat\bin\Server4PC.exe
D:\Program Files\Opera\opera.exe
D:\Program Files\Miranda IM\miranda32.exe
D:\Program Files\Firefox\firefox.exe
D:\Download\RSIT.exe
C:\Program Files (x86)\trend micro\Woomera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=193.251.135.116:8080;http=193.251.135.116:8080;https=193.251.135.116:8080;socks=193.251.135.116:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;192.168.150.0;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\ObjectDock\ObjectDock.exe
O4 - Global Startup: Server4PC.lnk = D:\Program Files\TechniSat\bin\Server4PC.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Woomera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Woomera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{92B4F914-6923-4F65-B2B3-38175D13B227}: NameServer = 193.251.135.65 193.251.135.70
O20 - AppInit_DLLs: D:\PROGRA~2\KASPER~1\mzvkbd.dll,D:\PROGRA~2\KASPER~1\mzvkbd3.dll,D:\PROGRA~2\KASPER~1\adialhk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ezProxy - Unknown owner - D:\Program Files\ezProxy\ezEngine.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10477 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - D:\Program Files\Internet Download Manager\IDMIECC.dll [2008-07-09 132528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Program Files\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"EasyTuneVI"=C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"AVP"=D:\Program Files\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1555968]
"IDMan"=D:\Program Files\Internet Download Manager\IDMan.exe [2008-07-15 931248]
"AlcoholAutomount"=D:\Program Files\Alcohol 120\axcmd.exe [2008-02-22 217544]
"RocketDock"=D:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Server4PC.lnk - D:\Program Files\TechniSat\bin\Server4PC.exe

C:\Users\Woomera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - D:\Program Files\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="D:\PROGRA~2\KASPER~1\mzvkbd.dll,D:\PROGRA~2\KASPER~1\mzvkbd3.dll,D:\PROGRA~2\KASPER~1\adialhk.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22600aa4-39f6-11dd-bdaa-001d7d014ee6}]
shell\AutoRun\command - K:\isaautorun.exe
shell\verb\command - K:\isaautorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c34053-2a1e-11dd-9fab-001d7d014ee6}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dc87602-601b-11dd-9bdf-0008c9a07485}]
shell\AutoRun\command - K:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901d0d4e-2a2d-11dd-badf-806e6f6e6963}]
shell\AutoRun\command - F:\Run.exe


======List of files/folders created in the last 1 months======

2008-10-13 20:10:59 ----D---- C:\rsit
2008-10-13 20:10:59 ----D---- C:\Program Files (x86)\trend micro
2008-10-13 03:33:27 ----A---- C:\Windows\ntbtlog.txt
2008-10-13 00:35:12 ----D---- C:\VundoFix Backups
2008-10-13 00:35:12 ----A---- C:\VundoFix.txt
2008-10-12 18:28:20 ----D---- C:\ProgramData\Lavasoft
2008-10-12 14:37:59 ----D---- C:\ProgramData\Kaspersky Lab
2008-10-12 14:31:09 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2008-10-08 20:58:03 ----D---- C:\ProgramData\Raxco
2008-10-07 16:28:10 ----D---- C:\Program Files (x86)\Electronic Arts
2008-10-07 15:47:22 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-07 15:47:22 ----D---- C:\Program Files (x86)\iPod
2008-10-07 15:45:07 ----D---- C:\Program Files (x86)\Apple Software Update
2008-10-07 13:02:04 ----D---- C:\Program Files (x86)\Common Files\EZB Systems
2008-10-06 18:22:54 ----HDC---- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-09-27 02:27:03 ----D---- C:\ProgramData\LogMeIn
2008-09-24 11:03:03 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-09-24 11:03:03 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-09-24 11:03:00 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-09-24 11:02:57 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-09-24 11:02:55 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-09-24 11:02:55 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-09-24 11:02:53 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-09-21 02:46:29 ----A---- C:\Users\Woomera\AppData\Roaming\burnaware.ini
2008-09-21 02:40:02 ----A---- C:\Windows\system32\MSSTDFMT.DLL
2008-09-20 20:31:35 ----A---- C:\Windows\UNBOC.EXE
2008-09-20 20:31:34 ----A---- C:\Windows\CMDLIC.DLL
2008-09-20 20:23:33 ----A---- C:\Windows\system32\gdiplus.dll
2008-09-20 20:15:30 ----D---- C:\Windows\system32\IOSUBSYS
2008-09-17 09:55:00 ----A---- C:\Windows\system32\nvwgf2um.dll
2008-09-17 09:55:00 ----A---- C:\Windows\system32\nvoglv32.dll
2008-09-17 09:55:00 ----A---- C:\Windows\system32\nvd3dum.dll
2008-09-17 09:55:00 ----A---- C:\Windows\system32\nvcuda.dll
2008-09-15 17:42:29 ----D---- C:\ProgramData\Google
2008-09-15 17:11:28 ----A---- C:\Windows\system32\ShellManager310E2D762.dll
2008-09-15 12:51:32 ----D---- C:\ProgramData\Blizzard

======List of files/folders modified in the last 1 months======

2008-10-13 20:11:40 ----D---- C:\Windows\Prefetch
2008-10-13 20:11:36 ----D---- C:\Windows\Temp
2008-10-13 20:10:59 ----RD---- C:\Program Files (x86)
2008-10-13 19:41:50 ----D---- C:\Windows\SysWOW64
2008-10-13 19:41:34 ----D---- C:\Users\Woomera\AppData\Roaming\DMCache
2008-10-13 18:05:26 ----SHD---- C:\System Volume Information
2008-10-13 17:34:04 ----D---- C:\Windows\System32
2008-10-13 17:34:04 ----D---- C:\Windows\inf
2008-10-13 16:26:03 ----D---- C:\Windows\system32\drivers
2008-10-13 16:02:23 ----D---- C:\Users\Woomera\AppData\Roaming\XnView
2008-10-13 03:33:27 ----D---- C:\Windows
2008-10-13 01:02:39 ----RD---- C:\Users
2008-10-13 01:02:21 ----D---- C:\Windows\Debug
2008-10-13 01:01:44 ----SHD---- C:\Windows\Installer
2008-10-13 01:01:41 ----RD---- C:\Program Files
2008-10-13 01:00:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-10-12 18:28:20 ----HD---- C:\ProgramData
2008-10-12 18:27:08 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-10-12 14:29:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-10-10 01:14:19 ----D---- C:\Users\Woomera\AppData\Roaming\COWON
2008-10-10 01:13:26 ----D---- C:\Program Files (x86)\Common Files
2008-10-09 18:40:36 ----D---- C:\Program Files (x86)\Common Files\Nero
2008-10-09 18:40:35 ----D---- C:\ProgramData\Nero
2008-10-09 18:40:07 ----A---- C:\Windows\system32\MsiExec.exe.log
2008-10-09 11:54:58 ----A---- C:\Windows\NeroDigital.ini
2008-10-08 21:46:57 ----D---- C:\ProgramData\NVIDIA
2008-10-08 19:44:40 ----D---- C:\Program Files (x86)\Bonjour
2008-10-07 15:50:43 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2008-10-07 15:46:08 ----D---- C:\Program Files (x86)\Common Files\Apple
2008-10-06 21:01:10 ----SD---- C:\Users\Woomera\AppData\Roaming\Microsoft
2008-09-27 17:37:39 ----D---- C:\Windows\winsxs
2008-09-27 04:47:55 ----D---- C:\Windows\Tasks
2008-09-24 11:02:06 ----RSD---- C:\Windows\assembly
2008-09-24 10:50:12 ----D---- C:\Windows\Logs
2008-09-22 11:08:04 ----D---- C:\Users\Woomera\AppData\Roaming\Miranda
2008-09-20 20:15:29 ----D---- C:\Program Files (x86)\Google
2008-09-20 18:23:52 ----AD---- C:\ProgramData\TEMP
2008-09-18 16:37:38 ----D---- C:\Users\Woomera\AppData\Roaming\IDM
2008-09-17 15:55:51 ----D---- C:\ProgramData\Microsoft Help
2008-09-17 15:54:32 ----D---- C:\Windows\ShellNew
2008-09-17 09:55:00 ----A---- C:\Windows\system32\nvapi.dll
2008-09-15 19:11:03 ----D---- C:\Users\Woomera\AppData\Roaming\FileZilla
2008-09-15 12:55:58 ----D---- C:\Windows\Resources
2008-09-15 00:18:04 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys []
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys []
R1 nltdi;nltdi; \??\C:\Windows\system32\drivers\nltdi.sys []
R1 nm3;Microsoft Network Monitor 3 Driver; C:\Windows\system32\DRIVERS\nm3.sys []
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys []
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Program Files\LogMeIn\x64\RaInfo.sys [2008-07-24 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys []
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-10-13 20544]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
R3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2008-10-13 30528]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
R3 MRV6X64P;Vista 64-bits Native WiFi Driver; C:\Windows\system32\DRIVERS\MRVW13C.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys []
R3 SKYNET;TechniSat DVB-PC TV Star PCI; C:\Windows\system32\DRIVERS\SkyNET_AMD64.SYS []
S3 a2yx4of2;a2yx4of2; C:\Windows\system32\drivers\a2yx4of2.sys []
S3 BOCDRIVE;BOClean Kernel Monitor.; \??\D:\Program Files\Comodo BOClean\BOCDRIVE.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 DrvSnSht;DrvSnSht; \??\D:\Program Files\R-Drive\DrvSnSht64.sys [2007-12-30 120792]
S3 fcdabus;fcdabus; C:\Windows\system32\DRIVERS\fcdabus.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPF;WinPcap Packet Driver (NPF); C:\Windows\system32\drivers\NPF.sys [2008-05-03 34064]
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2005-02-04 10368]
S3 R-ImageDisk;R-ImageDisk; \??\D:\Program Files\R-Drive\R-ImageDisk64.sys [2007-12-30 127064]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl64.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; D:\Program Files\a-squared Free\a2service.exe [2008-07-31 380536]
R2 aawservice;Lavasoft Ad-Aware Service; D:\Program Files\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 AVP;Kaspersky Internet Security; D:\Program Files\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 ezProxy;ezProxy; D:\Program Files\ezProxy\ezEngine.exe [2008-05-06 1044480]
R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392]
R2 LMIMaint;LogMeIn Maintenance Service; D:\Program Files\LogMeIn\x64\RaMaint.exe [2008-09-01 120128]
R2 LogMeIn;LogMeIn; D:\Program Files\LogMeIn\x64\LogMeIn.exe [2008-07-24 57920]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2007-05-13 867840]
R2 NMSAccessU;NMSAccessU; D:\Program Files\BurnAware Free\nmsaccessu.exe [2007-05-04 71360]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-07-18 1101576]
R2 SBSDWSCService;SBSD Security Center Service; D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-05 93696]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-25 654848]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-08 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-07-18 1285896]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-18 19968]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe []
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S4 nTuneService;nTune Service; D:\Program Files\nTune\nTune\nTuneService.exe /StartService []

-----------------EOF-----------------

Shaba
2008-10-13, 19:57
According to the logs, your copy of Alcohol 120 is not legit.

So please uninstall it and post back a fresh RSIT log, please.

Woomera
2008-10-14, 10:13
I don't know why, but this time it only returned LOG.TXT. I tried to run it several times, but only log.txt shows up and no info.txt. Why is that?

Here are the log.txt contents:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Woomera at 2008-10-14 10:40:49
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 30 GB (46%) free of 65 GB
Total RAM: 4094 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:55 AM, on 10/14/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\TechniSat\bin\Server4PC.exe
D:\Program Files\ObjectDock\ObjectDock.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
D:\Program Files\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\TechniSat\bin\Server4PC.exe
D:\Program Files\Opera\opera.exe
D:\Program Files\Miranda IM\miranda32.exe
E:\World of Warcraft\BackgroundDownloader.exe
D:\Admin Tools\random's system information tool\RSIT.exe
C:\Program Files (x86)\trend micro\Woomera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=193.251.135.116:8080;http=193.251.135.116:8080;https=193.251.135.116:8080;socks=193.251.135.116:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;192.168.150.0;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\ObjectDock\ObjectDock.exe
O4 - Global Startup: Server4PC.lnk = D:\Program Files\TechniSat\bin\Server4PC.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Woomera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Woomera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\FRONTP~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{92B4F914-6923-4F65-B2B3-38175D13B227}: NameServer = 193.251.135.65 193.251.135.70
O20 - AppInit_DLLs: D:\PROGRA~2\KASPER~1\mzvkbd.dll,D:\PROGRA~2\KASPER~1\mzvkbd3.dll,D:\PROGRA~2\KASPER~1\adialhk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ezProxy - Unknown owner - D:\Program Files\ezProxy\ezEngine.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10141 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - D:\Program Files\Internet Download Manager\IDMIECC.dll [2008-07-09 132528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Program Files\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"EasyTuneVI"=C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"AVP"=D:\Program Files\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1555968]
"IDMan"=D:\Program Files\Internet Download Manager\IDMan.exe [2008-07-15 931248]
"RocketDock"=D:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 239104]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Server4PC.lnk - D:\Program Files\TechniSat\bin\Server4PC.exe

C:\Users\Woomera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - D:\Program Files\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="D:\PROGRA~2\KASPER~1\mzvkbd.dll,D:\PROGRA~2\KASPER~1\mzvkbd3.dll,D:\PROGRA~2\KASPER~1\adialhk.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22600aa4-39f6-11dd-bdaa-001d7d014ee6}]
shell\AutoRun\command - K:\isaautorun.exe
shell\verb\command - K:\isaautorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c34053-2a1e-11dd-9fab-001d7d014ee6}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dc87602-601b-11dd-9bdf-0008c9a07485}]
shell\AutoRun\command - K:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{901d0d4e-2a2d-11dd-badf-806e6f6e6963}]
shell\AutoRun\command - F:\Run.exe


======List of files/folders created in the last 1 months======

2008-10-14 10:11:00 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-10-14 10:10:59 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-10-14 10:10:46 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-10-14 00:37:44 ----A---- C:\Windows\system32\D3DX9_39.dll
2008-10-14 00:37:36 ----D---- C:\Program Files (x86)\Microsoft Games
2008-10-14 00:37:18 ----D---- C:\Program Files (x86)\MSXML 4.0
2008-10-13 22:13:16 ----A---- C:\Windows\system32\msshooks.dll
2008-10-13 22:13:16 ----A---- C:\Windows\system32\msscb.dll
2008-10-13 22:13:16 ----A---- C:\Windows\system32\mimefilt.dll
2008-10-13 22:13:13 ----A---- C:\Windows\system32\thawbrkr.dll
2008-10-13 22:13:13 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-10-13 22:13:13 ----A---- C:\Windows\system32\propsys.dll
2008-10-13 22:13:13 ----A---- C:\Windows\system32\propdefs.dll
2008-10-13 22:13:13 ----A---- C:\Windows\system32\offfilt.dll
2008-10-13 22:13:13 ----A---- C:\Windows\system32\msstrc.dll
2008-10-13 22:13:13 ----A---- C:\Windows\system32\mssprxy.dll
2008-10-13 22:13:13 ----A---- C:\Windows\system32\mssitlb.dll
2008-10-13 22:13:13 ----A---- C:\Windows\system32\msshsq.dll
2008-10-13 22:13:13 ----A---- C:\Windows\system32\korwbrkr.dll
2008-10-13 22:13:13 ----A---- C:\Windows\system32\chsbrkr.dll
2008-10-13 22:13:12 ----A---- C:\Windows\system32\xmlfilter.dll
2008-10-13 22:13:12 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-10-13 22:13:12 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-10-13 22:13:12 ----A---- C:\Windows\system32\rtffilt.dll
2008-10-13 22:13:12 ----A---- C:\Windows\system32\nlhtml.dll
2008-10-13 22:13:12 ----A---- C:\Windows\system32\mssvp.dll
2008-10-13 22:13:12 ----A---- C:\Windows\system32\mssrch.dll
2008-10-13 22:13:12 ----A---- C:\Windows\system32\mssphtb.dll
2008-10-13 22:13:12 ----A---- C:\Windows\system32\mssph.dll
2008-10-13 22:13:12 ----A---- C:\Windows\system32\msscntrs.dll
2008-10-13 22:13:12 ----A---- C:\Windows\system32\chtbrkr.dll
2008-10-13 22:13:11 ----A---- C:\Windows\system32\tquery.dll
2008-10-13 22:09:33 ----A---- C:\Windows\system32\tzres.dll
2008-10-13 22:07:42 ----A---- C:\Windows\system32\gpprefcl.dll
2008-10-13 21:41:40 ----A---- C:\Windows\system32\gameux.dll
2008-10-13 21:41:40 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-10-13 21:41:39 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-10-13 21:40:40 ----A---- C:\Windows\system32\mshtml.dll
2008-10-13 21:40:39 ----A---- C:\Windows\system32\ieframe.dll
2008-10-13 21:40:38 ----A---- C:\Windows\system32\wininet.dll
2008-10-13 21:40:38 ----A---- C:\Windows\system32\urlmon.dll
2008-10-13 21:40:37 ----A---- C:\Windows\system32\mstime.dll
2008-10-13 21:40:37 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-13 21:39:39 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-13 21:39:39 ----A---- C:\Windows\system32\EncDec.dll
2008-10-13 21:35:14 ----A---- C:\Windows\system32\srclient.dll
2008-10-13 21:35:13 ----A---- C:\Windows\system32\kbd106n.dll
2008-10-13 21:33:23 ----A---- C:\Windows\system32\shell32.dll
2008-10-13 21:27:31 ----A---- C:\Windows\system32\wshqos.dll
2008-10-13 21:27:31 ----A---- C:\Windows\system32\traffic.dll
2008-10-13 21:27:31 ----A---- C:\Windows\system32\rpcrt4.dll
2008-10-13 21:27:31 ----A---- C:\Windows\system32\pacerprf.dll
2008-10-13 21:27:19 ----A---- C:\Windows\system32\quartz.dll
2008-10-13 21:27:18 ----A---- C:\Windows\system32\winipsec.dll
2008-10-13 21:27:18 ----A---- C:\Windows\system32\polstore.dll
2008-10-13 21:27:18 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-10-13 21:27:16 ----A---- C:\Windows\system32\wshext.dll
2008-10-13 21:27:16 ----A---- C:\Windows\system32\wscript.exe
2008-10-13 21:27:16 ----A---- C:\Windows\system32\vbscript.dll
2008-10-13 21:27:16 ----A---- C:\Windows\system32\scrrun.dll
2008-10-13 21:27:16 ----A---- C:\Windows\system32\scrobj.dll
2008-10-13 21:27:16 ----A---- C:\Windows\system32\jscript.dll
2008-10-13 21:27:16 ----A---- C:\Windows\system32\cscript.exe
2008-10-13 21:26:19 ----A---- C:\Windows\system32\gdi32.dll
2008-10-13 21:26:17 ----A---- C:\Windows\system32\inetcomm.dll
2008-10-13 21:26:16 ----A---- C:\Windows\system32\es.dll
2008-10-13 21:25:50 ----A---- C:\Windows\system32\wmpeffects.dll
2008-10-13 21:25:49 ----A---- C:\Windows\system32\dataclen.dll
2008-10-13 21:25:38 ----A---- C:\Windows\system32\wshrm.dll
2008-10-13 20:10:59 ----D---- C:\rsit
2008-10-13 20:10:59 ----D---- C:\Program Files (x86)\trend micro
2008-10-13 03:33:27 ----A---- C:\Windows\ntbtlog.txt
2008-10-13 00:35:12 ----D---- C:\VundoFix Backups
2008-10-13 00:35:12 ----A---- C:\VundoFix.txt
2008-10-12 18:28:20 ----D---- C:\ProgramData\Lavasoft
2008-10-12 14:37:59 ----D---- C:\ProgramData\Kaspersky Lab
2008-10-12 14:31:09 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2008-10-08 20:58:03 ----D---- C:\ProgramData\Raxco
2008-10-07 16:28:10 ----D---- C:\Program Files (x86)\Electronic Arts
2008-10-07 15:47:22 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-07 15:47:22 ----D---- C:\Program Files (x86)\iPod
2008-10-07 15:45:07 ----D---- C:\Program Files (x86)\Apple Software Update
2008-10-07 13:02:04 ----D---- C:\Program Files (x86)\Common Files\EZB Systems
2008-10-06 18:22:54 ----HDC---- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-09-27 02:27:03 ----D---- C:\ProgramData\LogMeIn
2008-09-24 11:03:03 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-09-24 11:03:03 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-09-24 11:03:00 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-09-24 11:02:57 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-09-24 11:02:55 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-09-24 11:02:55 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-09-24 11:02:53 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-09-21 02:46:29 ----A---- C:\Users\Woomera\AppData\Roaming\burnaware.ini
2008-09-21 02:40:02 ----A---- C:\Windows\system32\MSSTDFMT.DLL
2008-09-20 20:31:35 ----A---- C:\Windows\UNBOC.EXE
2008-09-20 20:31:34 ----A---- C:\Windows\CMDLIC.DLL
2008-09-20 20:23:33 ----A---- C:\Windows\system32\gdiplus.dll
2008-09-20 20:15:30 ----D---- C:\Windows\system32\IOSUBSYS
2008-09-17 09:55:00 ----A---- C:\Windows\system32\nvwgf2um.dll
2008-09-17 09:55:00 ----A---- C:\Windows\system32\nvoglv32.dll
2008-09-17 09:55:00 ----A---- C:\Windows\system32\nvd3dum.dll
2008-09-17 09:55:00 ----A---- C:\Windows\system32\nvcuda.dll
2008-09-15 17:42:29 ----D---- C:\ProgramData\Google
2008-09-15 17:11:28 ----A---- C:\Windows\system32\ShellManager310E2D762.dll
2008-09-15 12:51:32 ----D---- C:\ProgramData\Blizzard

======List of files/folders modified in the last 1 months======

2008-10-14 10:40:51 ----D---- C:\Windows\Temp
2008-10-14 10:38:37 ----D---- C:\Windows\Prefetch
2008-10-14 10:34:43 ----D---- C:\Windows\System32
2008-10-14 10:34:43 ----D---- C:\Windows\inf
2008-10-14 10:31:41 ----D---- C:\Windows\SysWOW64
2008-10-14 10:31:34 ----D---- C:\Users\Woomera\AppData\Roaming\DMCache
2008-10-14 10:12:05 ----D---- C:\Windows\winsxs
2008-10-14 10:11:30 ----SHD---- C:\System Volume Information
2008-10-14 01:14:49 ----D---- C:\Windows\rescache
2008-10-14 00:37:36 ----RD---- C:\Program Files (x86)
2008-10-14 00:37:23 ----SHD---- C:\Windows\Installer
2008-10-14 00:22:44 ----RSD---- C:\Windows\assembly
2008-10-14 00:22:44 ----D---- C:\Windows\Microsoft.NET
2008-10-13 23:44:32 ----D---- C:\Program Files (x86)\Common Files\ACD Systems
2008-10-13 23:44:23 ----HD---- C:\ProgramData
2008-10-13 22:27:19 ----D---- C:\Windows
2008-10-13 22:26:55 ----D---- C:\Windows\system32\en-US
2008-10-13 22:26:55 ----D---- C:\Windows\PolicyDefinitions
2008-10-13 22:26:55 ----D---- C:\Windows\ehome
2008-10-13 22:26:55 ----D---- C:\Windows\AppPatch
2008-10-13 22:26:54 ----D---- C:\Windows\system32\migration
2008-10-13 22:26:53 ----D---- C:\Program Files (x86)\Windows Mail
2008-10-13 22:04:42 ----D---- C:\Windows\Debug
2008-10-13 22:01:42 ----D---- C:\Windows\SoftwareDistribution
2008-10-13 16:26:03 ----D---- C:\Windows\system32\drivers
2008-10-13 16:02:23 ----D---- C:\Users\Woomera\AppData\Roaming\XnView
2008-10-13 01:02:39 ----RD---- C:\Users
2008-10-13 01:01:41 ----RD---- C:\Program Files
2008-10-13 01:00:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-10-12 18:27:08 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2008-10-12 14:29:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-10-10 01:14:19 ----D---- C:\Users\Woomera\AppData\Roaming\COWON
2008-10-10 01:13:26 ----D---- C:\Program Files (x86)\Common Files
2008-10-09 18:40:36 ----D---- C:\Program Files (x86)\Common Files\Nero
2008-10-09 18:40:35 ----D---- C:\ProgramData\Nero
2008-10-09 18:40:07 ----A---- C:\Windows\system32\MsiExec.exe.log
2008-10-09 11:54:58 ----A---- C:\Windows\NeroDigital.ini
2008-10-08 21:46:57 ----D---- C:\ProgramData\NVIDIA
2008-10-08 19:44:40 ----D---- C:\Program Files (x86)\Bonjour
2008-10-07 15:50:43 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2008-10-07 15:46:08 ----D---- C:\Program Files (x86)\Common Files\Apple
2008-10-06 21:01:10 ----SD---- C:\Users\Woomera\AppData\Roaming\Microsoft
2008-09-27 04:47:55 ----D---- C:\Windows\Tasks
2008-09-24 10:50:12 ----D---- C:\Windows\Logs
2008-09-22 11:08:04 ----D---- C:\Users\Woomera\AppData\Roaming\Miranda
2008-09-20 20:15:29 ----D---- C:\Program Files (x86)\Google
2008-09-20 18:23:52 ----AD---- C:\ProgramData\TEMP
2008-09-18 16:37:38 ----D---- C:\Users\Woomera\AppData\Roaming\IDM
2008-09-17 15:55:51 ----D---- C:\ProgramData\Microsoft Help
2008-09-17 15:54:32 ----D---- C:\Windows\ShellNew
2008-09-17 09:55:00 ----A---- C:\Windows\system32\nvapi.dll
2008-09-15 19:11:03 ----D---- C:\Users\Woomera\AppData\Roaming\FileZilla
2008-09-15 12:55:58 ----D---- C:\Windows\Resources
2008-09-15 00:18:04 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys []
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys []
R1 nltdi;nltdi; \??\C:\Windows\system32\drivers\nltdi.sys []
R1 nm3;Microsoft Network Monitor 3 Driver; C:\Windows\system32\DRIVERS\nm3.sys []
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys []
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Program Files\LogMeIn\x64\RaInfo.sys [2008-07-24 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys []
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-10-14 20544]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
R3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2008-10-14 30528]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
R3 MRV6X64P;Vista 64-bits Native WiFi Driver; C:\Windows\system32\DRIVERS\MRVW13C.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 SKYNET;TechniSat DVB-PC TV Star PCI; C:\Windows\system32\DRIVERS\SkyNET_AMD64.SYS []
S3 BOCDRIVE;BOClean Kernel Monitor.; \??\D:\Program Files\Comodo BOClean\BOCDRIVE.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 DrvSnSht;DrvSnSht; \??\D:\Program Files\R-Drive\DrvSnSht64.sys [2007-12-30 120792]
S3 fcdabus;fcdabus; C:\Windows\system32\DRIVERS\fcdabus.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPF;WinPcap Packet Driver (NPF); C:\Windows\system32\drivers\NPF.sys [2008-05-03 34064]
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2005-02-04 10368]
S3 R-ImageDisk;R-ImageDisk; \??\D:\Program Files\R-Drive\R-ImageDisk64.sys [2007-12-30 127064]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl64.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; D:\Program Files\a-squared Free\a2service.exe [2008-07-31 380536]
R2 aawservice;Lavasoft Ad-Aware Service; D:\Program Files\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 AVP;Kaspersky Internet Security; D:\Program Files\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 ezProxy;ezProxy; D:\Program Files\ezProxy\ezEngine.exe [2008-05-06 1044480]
R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392]
R2 LMIMaint;LogMeIn Maintenance Service; D:\Program Files\LogMeIn\x64\RaMaint.exe [2008-09-01 120128]
R2 LogMeIn;LogMeIn; D:\Program Files\LogMeIn\x64\LogMeIn.exe [2008-07-24 57920]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2007-05-13 867840]
R2 NMSAccessU;NMSAccessU; D:\Program Files\BurnAware Free\nmsaccessu.exe [2007-05-04 71360]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-07-18 1101576]
R2 SBSDWSCService;SBSD Security Center Service; D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-05 93696]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-25 654848]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-08 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-07-18 1285896]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-18 19968]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe []
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S4 nTuneService;nTune Service; D:\Program Files\nTune\nTune\nTuneService.exe /StartService []

-----------------EOF-----------------

Shaba
2008-10-14, 16:03
That is completely normal, nothing to worry about.

Open HijackThis, click do a system scan only and checkmark this:

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

Reboot and post back a fresh HijackThis log, please.

Woomera
2008-10-14, 17:23
I couldn't remove it from HijackThis because it kept returning errors, so I did it manually. Anyway, here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:31 PM, on 10/14/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\TechniSat\bin\Server4PC.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Kaspersky Internet Security 2009\avp.exe
D:\Program Files\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\TechniSat\bin\Server4PC.exe
D:\Program Files\Opera\opera.exe
D:\Program Files\Miranda IM\miranda32.exe
D:\Admin Tools\Shortcut's\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=193.251.135.116:8080;http=193.251.135.116:8080;https=193.251.135.116:8080;socks=193.251.135.116:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;192.168.150.0;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Internet Security 2009\ievkbd.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\ObjectDock\ObjectDock.exe
O4 - Global Startup: Server4PC.lnk = D:\Program Files\TechniSat\bin\Server4PC.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - D:\Program Files\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Woomera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Woomera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\FRONTP~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{92B4F914-6923-4F65-B2B3-38175D13B227}: NameServer = 193.251.135.65 193.251.135.70
O20 - AppInit_DLLs: D:\PROGRA~2\KASPER~1\mzvkbd.dll,D:\PROGRA~2\KASPER~1\mzvkbd3.dll,D:\PROGRA~2\KASPER~1\adialhk.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ezProxy - Unknown owner - D:\Program Files\ezProxy\ezEngine.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10069 bytes

Shaba
2008-10-14, 17:29
That happens due to Vista. It requires that you run HijackThis by right-clicking it and choosing "Run as administrator".

Have you still encountered random resets?

Woomera
2008-10-14, 19:19
It hasn't happened yet, though sometimes it takes 1-2 days till it does. I will report here if it happens again.
One more thing: since these restarts started happening, some of the "Control Panel" components are not responding, and it's random. After some restarts (random/normal) they give an error "page failed to load", and after some other restarts they work fine, i.e. "Network and Sharing Center", "uninstaller" ...
Any idea what could be the cause and how to fix this?
I already tried SFC /SCANNOW, but it always says nothing is wrong with the files, yet I get the error.

Shaba
2008-10-14, 19:41
Sounds like either a hardware or Windows related thing to me.

Have you lately added some components?

Woomera
2008-10-15, 01:05
Well, as for hardware, the only new thing I had used is my iPhone, with which I had some resets before upon connecting it to the USB port, which might have had something to do with this. It might have damaged some files or something.
As for software, I have installed several new freeware programs, some of which I uninstalled, but I also had some random resets and Windows crashes after installing "Google Chrome" and somewhere during playing games. I uninstalled it and those crashes went away, but come to think of it, I guess these resets started after that.
But how to track the exact reason or source of this?

Shaba
2008-10-15, 11:52
Pretty hard to track that because it is not my field actually, but I can redirect you to some Windows forum if you like?

Woomera
2008-10-15, 12:12
I have already posted it in MSFN (http://www.msfn.org/board/Systems-reset-s-random-t124454.html) but no help. If there's anywhere else that can help, I'd really appreciate it if you redirect me.

Shaba
2008-10-15, 12:37
Well, you have got a response anyway.

I recommend this (http://forums.pcpitstop.com/index.php?) place, but if you get help there, please inform MSFN that ppl don't help you in 2 forums.

Woomera
2008-10-15, 16:16
OK, I will, though after I run a full memtest to make sure.
Thanks a lot for your help, time and effort to help me.
Cheers :)

Shaba
2008-10-17, 10:32
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.