PDA

View Full Version : very slow computer (inactive)



susko
2009-07-09, 00:16
Hello, I have serious issue. My computer is really slow right now. My game installating takes a lot of time. My windows are booting very slowly and I suspect I have a virus.Pls help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:07 PM, on 7/8/2009
Platform: Windows XP SP3, v.5755 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Xfire\xfire.exe
C:\DOCUME~1\DINO\LOCALS~1\Temp\Rar$EX00.500\Update 2501 game patch\COHToV_EN_2500_2501_Patch.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: rncsys32.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\windows\system32\pr2ah4nc.exe

--
End of file - 8249 bytes


I hope you will help me!

katana
2009-07-10, 01:12
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------



Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.


Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

susko
2009-07-10, 18:00
First time when i run RSIT I got 2 logs and after that i opened gmer and i started scan. After 10 minutes of scanning my computer got restarted by himself. When i turned my computer on I gone to RSIT again and now i got only ONE log (log.txt) and there is no info.txt like first time. I tried second time to scan with gmer and after 10 minutes i got blue screen with written "FATAL ERROR..." and my computer got restarted!





Logfile of random's system information tool 1.06 (written by random/random)
Run by DINO at 2009-07-10 16:56:02
Microsoft Windows XP Professional Service Pack 3, v.5755
System drive C: has 353 GB (74%) free of 477 GB
Total RAM: 3071 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:04 PM, on 7/10/2009
Platform: Windows XP SP3, v.5755 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Xfire\xfire.exe
C:\windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DINO\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\DINO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: rncsys32.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe

--
End of file - 8309 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-10-07 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-19 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-10-07 2403392]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-10-28 17331200]
"Alcmtr"=C:\windows\ALCMTR.EXE [2008-06-19 57344]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-05 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2007-11-30 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-19 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe []
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Documents and Settings\DINO\Start Menu\Programs\Startup
rncsys32.exe
Xfire.lnk - C:\Program Files\Xfire\xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\windows\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2007-11-30 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Codemasters\DiRT\DiRT.exe"="C:\Program Files\Codemasters\DiRT\DiRT.exe:*:Enabled:DiRT Executable"
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe"="C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\BearShare Music\BearShare Music.exe"="C:\Program Files\BearShare Music\BearShare Music.exe:*:Enabled:BearShare Music"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"D:\pes2009.exe"="D:\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Activision\Copy of Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Copy of Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Documents and Settings\DINO\Local Settings\Temp\Rar$EX00.219\WA.exe"="C:\Documents and Settings\DINO\Local Settings\Temp\Rar$EX00.219\WA.exe:*:Enabled:Worms Armageddon"
"C:\Documents and Settings\DINO\Desktop\New Folder (2)\WormsARM\WA.exe"="C:\Documents and Settings\DINO\Desktop\New Folder (2)\WormsARM\WA.exe:*:Enabled:Worms Armageddon"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.8.game"="C:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.8.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat"="C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game"
"C:\Program Files\IP Hider\IP Hider.exe"="C:\Program Files\IP Hider\IP Hider.exe:*:Enabled:IP Hider"
"C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Documents and Settings\DINO\Desktop\New Folder (2)\LEFT 4 DEAD\LEFT 4 DEAD\left4dead.exe"="C:\Documents and Settings\DINO\Desktop\New Folder (2)\LEFT 4 DEAD\LEFT 4 DEAD\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\left4dead\LEFT 4 DEAD\LEFT 4 DEAD\left4dead.exe"="C:\Program Files\left4dead\LEFT 4 DEAD\LEFT 4 DEAD\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe"="C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e08df6f6-c2f7-11dd-84d5-001e2a4142dc}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\klass.exe
shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\klass.exe


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-07-10 12:35:04 ----D---- C:\rsit
2009-07-08 23:01:32 ----D---- C:\Program Files\Trend Micro
2009-07-08 17:21:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-08 17:21:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 23:02:12 ----D---- C:\vcs5BGEffects
2009-07-06 23:01:17 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND
2009-07-06 11:52:24 ----D---- C:\Documents and Settings\DINO\Application Data\Mumble
2009-07-06 11:51:35 ----D---- C:\Program Files\Mumble
2009-07-05 21:57:40 ----D---- C:\Program Files\Kaspersky Lab
2009-07-05 21:57:40 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-07-05 21:54:24 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-05 20:22:21 ----D---- C:\Program Files\The File Splitter 1.31
2009-07-05 19:50:31 ----A---- C:\windows\_MSRSTRT.EXE
2009-07-02 21:26:08 ----A---- C:\windows\system32\xfcodec.dll
2009-06-26 16:36:23 ----D---- C:\Program Files\Common Files\Nero
2009-06-26 16:35:31 ----D---- C:\Program Files\Nero 9
2009-06-26 15:31:51 ----D---- C:\windows\Cache
2009-06-20 19:12:03 ----N---- C:\windows\system32\pxsfs.dll
2009-06-20 19:12:03 ----N---- C:\windows\system32\pxinsa64.exe
2009-06-20 19:12:03 ----N---- C:\windows\system32\pxhpinst.exe
2009-06-20 19:12:03 ----N---- C:\windows\system32\pxcpya64.exe
2009-06-20 19:12:03 ----N---- C:\windows\system32\pxafs.dll
2009-06-20 19:12:02 ----N---- C:\windows\system32\vxblock.dll
2009-06-20 19:12:02 ----N---- C:\windows\system32\pxwave.dll
2009-06-20 19:12:02 ----N---- C:\windows\system32\pxmas.dll
2009-06-20 19:12:02 ----N---- C:\windows\system32\pxdrv.dll
2009-06-20 19:12:02 ----N---- C:\windows\system32\px.dll
2009-06-17 16:54:53 ----HDC---- C:\windows\$NtUninstallKB961118$
2009-06-17 01:11:32 ----SHD---- C:\Config.Msi
2009-06-17 01:08:02 ----D---- C:\windows\system32\XPSViewer
2009-06-17 01:07:53 ----D---- C:\Program Files\MSBuild
2009-06-17 01:06:35 ----D---- C:\1ae000f5e499d6437c600a
2009-06-17 00:07:35 ----D---- C:\Program Files\Steam
2009-06-15 23:00:10 ----A---- C:\windows\system32\pbsvc.exe
2009-06-15 19:36:17 ----D---- C:\Program Files\left4dead
2009-06-14 14:31:02 ----D---- C:\Documents and Settings\DINO\Application Data\Help
2009-06-14 13:01:02 ----D---- C:\Program Files\railink
2009-06-13 13:24:29 ----D---- C:\Documents and Settings\DINO\Application Data\SmartFTP
2009-06-13 13:24:15 ----D---- C:\Program Files\SmartFTP Client
2009-06-13 13:23:57 ----D---- C:\Program Files\SmartFTP Client 3.0 Setup Files
2009-06-12 01:46:32 ----HDC---- C:\windows\$NtUninstallKB961501$
2009-06-12 01:46:29 ----HDC---- C:\windows\$NtUninstallKB969898$
2009-06-12 01:45:28 ----HDC---- C:\windows\$NtUninstallKB970238$
2009-06-12 01:45:05 ----HDC---- C:\windows\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======

2009-07-10 16:56:03 ----D---- C:\windows\Temp
2009-07-10 16:51:52 ----D---- C:\Program Files\Mozilla Firefox
2009-07-10 16:36:48 ----D---- C:\windows\system32
2009-07-10 15:53:01 ----D---- C:\windows\Prefetch
2009-07-10 15:52:04 ----D---- C:\windows\system32\drivers
2009-07-10 15:46:31 ----A---- C:\windows\SchedLgU.Txt
2009-07-10 15:42:08 ----D---- C:\Documents and Settings\DINO\Application Data\Hamachi
2009-07-10 15:42:03 ----D---- C:\Documents and Settings\DINO\Application Data\Xfire
2009-07-10 15:22:04 ----D---- C:\windows\system32\CatRoot2
2009-07-10 14:55:06 ----A---- C:\windows\system32\PnkBstrB.exe
2009-07-10 14:48:12 ----D---- C:\Documents and Settings\DINO\Application Data\mIRC
2009-07-10 14:36:50 ----D---- C:\Program Files\mIRC
2009-07-10 13:12:40 ----D---- C:\windows\system32\config
2009-07-10 13:07:20 ----D---- C:\WINDOWS
2009-07-10 00:09:04 ----D---- C:\Documents and Settings\DINO\Application Data\teamspeak2
2009-07-09 11:49:20 ----D---- C:\Program Files\Xfire
2009-07-08 23:01:32 ----D---- C:\Program Files
2009-07-08 21:08:08 ----SHD---- C:\windows\Installer
2009-07-08 21:07:25 ----D---- C:\windows\system32\DirectX
2009-07-08 21:07:23 ----HD---- C:\windows\inf
2009-07-08 21:06:43 ----D---- C:\Program Files\THQ
2009-07-06 13:04:29 ----D---- C:\Program Files\IrfanView
2009-07-06 13:04:18 ----D---- C:\Program Files\Common Files
2009-07-05 22:41:55 ----D---- C:\Program Files\VisualTool
2009-07-05 21:59:34 ----D---- C:\windows\system32\CatRoot
2009-07-05 20:02:22 ----SD---- C:\windows\Downloaded Program Files
2009-07-05 20:00:46 ----D---- C:\windows\WinSxS
2009-07-05 19:58:34 ----D---- C:\Documents and Settings\DINO\Application Data\Dev-Cpp
2009-07-05 19:58:29 ----D---- C:\Dev-Cpp
2009-07-05 19:57:56 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-07-05 19:52:34 ----D---- C:\Program Files\AlienGUIse
2009-07-05 13:08:20 ----D---- C:\windows\Minidump
2009-07-05 13:08:20 ----D---- C:\windows\Debug
2009-07-04 22:46:01 ----D---- C:\Documents and Settings\DINO\Application Data\LimeWire
2009-07-04 22:45:49 ----D---- C:\Incomplete
2009-07-04 22:45:44 ----D---- C:\muzika
2009-06-26 16:37:17 ----D---- C:\Documents and Settings\DINO\Application Data\Nero
2009-06-26 01:17:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-25 18:21:05 ----A---- C:\windows\win.ini
2009-06-25 11:31:28 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-06-25 11:28:33 ----A---- C:\windows\system32\MsiExec.exe.log
2009-06-24 12:10:31 ----D---- C:\windows\Microsoft.NET
2009-06-24 11:00:26 ----SD---- C:\Documents and Settings\DINO\Application Data\Microsoft
2009-06-24 10:55:07 ----RSD---- C:\windows\Fonts
2009-06-24 10:54:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-23 21:06:21 ----D---- C:\FoldingAtHome3
2009-06-22 18:14:40 ----D---- C:\Program Files\Activision
2009-06-22 11:42:21 ----D---- C:\FoldingAtHome2
2009-06-22 11:09:03 ----A---- C:\windows\system32\PnkBstrA.exe
2009-06-22 11:04:17 ----D---- C:\FoldingAtHome4
2009-06-21 13:29:37 ----D---- C:\Documents and Settings\DINO\Application Data\My Battle for Middle-earth(tm) II Files
2009-06-21 12:16:12 ----D---- C:\Documents and Settings\DINO\Application Data\Mozilla
2009-06-20 19:22:44 ----D---- C:\Documents and Settings\DINO\Application Data\Hide IP NG
2009-06-20 19:21:18 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-20 19:09:52 ----A---- C:\windows\NeroDigital.ini
2009-06-20 10:34:39 ----D---- C:\FoldingAtHome1
2009-06-17 16:55:01 ----RSHDC---- C:\windows\system32\dllcache
2009-06-17 11:27:45 ----RSD---- C:\windows\assembly
2009-06-17 01:07:48 ----D---- C:\windows\system32\en-US
2009-06-17 01:03:28 ----D---- C:\windows\system32\mui
2009-06-17 01:03:27 ----D---- C:\Program Files\Internet Explorer
2009-06-16 22:13:44 ----D---- C:\windows\SoftwareDistribution
2009-06-15 23:01:23 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-06-15 22:48:47 ----D---- C:\Program Files\Ubisoft
2009-06-12 11:10:27 ----D---- C:\windows\system32\Macromed
2009-06-12 01:46:29 ----HD---- C:\windows\$hf_mig$
2009-06-12 01:45:13 ----D---- C:\windows\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2007-11-30 36352]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2007-11-30 14592]
R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2009-07-05 226832]
R1 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\windows\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\windows\system32\DRIVERS\AegisP.sys [2008-10-06 21035]
R2 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2008-10-29 3341824]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\windows\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-02-01 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2007-11-30 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\windows\system32\DRIVERS\tunmp.sys [2008-02-01 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2007-11-30 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2007-11-30 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2007-11-30 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2007-11-30 20608]
S3 CCDECODE;Closed Caption Decoder; C:\windows\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2009-03-22 17480]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nm;Network Monitor Driver; C:\windows\system32\DRIVERS\NMnt.sys [2007-11-30 40320]
S3 QCDonner;Logitech QuickCam Express; C:\windows\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\windows\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\windows\system32\DRIVERS\ssm_bus.sys [2007-05-02 83592]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\windows\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\windows\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2007-11-30 26368]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\windows\system32\svchost.exe [2007-11-30 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-30 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2008-10-29 585728]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-05 206088]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2009-06-22 75064]
R2 PnkBstrB;PnkBstrB; C:\windows\system32\PnkBstrB.exe [2009-07-10 189768]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2007-11-30 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-10-10 72704]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 FAH1;FAH1; C:\FoldingAtHome1\srvany.exe [1996-08-30 13312]
S4 FAH2;FAH2; C:\FoldingAtHome2\srvany.exe [1996-08-30 13312]
S4 FAH3;FAH3; C:\FoldingAtHome3\srvany.exe [1996-08-30 13312]
S4 FAH4;FAH4; C:\FoldingAtHome4\srvany.exe [1996-08-30 13312]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------




what i can do now?

katana
2009-07-10, 20:32
REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire
Vuze
iMesh
BitTorrent

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.


----------------------------------------------------------------------------------------

Please delete C:\RSIT folder and then run RSIT again
Both logs should now appear

susko
2009-07-10, 22:26
What should I do now?




info.txt logfile of random's system information tool 1.06 2009-07-10 21:24:54

======Uninstall list======

-->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Advanced GIF Animator 3.0-->"C:\Program Files\Advanced GIF Animator\unins000.exe"
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\windows\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
AV Voice Changer Software DIAMOND 6.0-->C:\PROGRA~1\AVVCS6~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS6~1.0DI\INSTALL.LOG
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CoD RconTool 10-->C:\Program Files\CoD RconTool\Uninstal.exe
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Command and ConquerTM Generals Zero Hour-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"C:\Program Files\THQ\Company of Heroes\\Uninstall_English.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\windows\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Google Earth Pro-->MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hamachi 1.0.1.5-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\windows\$NtUninstallKB961118$\spuninst\spuninst.exe"
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Nero 9.0.9.4 Lite-->"C:\Program Files\Nero 9\unins000.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
Pivot Stickfigure Animator-->MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
PunkBuster Services-->C:\windows\system32\pbsvc.exe -u
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
REALTEK PCIE NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}\Setup.exe" -l0x9 REMOVE
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
SAMSUNG Mobile Composite Device Software-->C:\windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x001a -removeonly
Samsung Samples Installer-->"C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\windows\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\windows\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\windows\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\windows\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\windows\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\windows\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\windows\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\windows\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Seismovision 3 (remove only)-->"C:\Program Files\NuGardt Software\Seismovision 3\uninst_seis3.exe"
SmartFTP Client 3.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SteelSeries Ikari Laser-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A64ECAEE-51FE-4AC7-ABE8-EBBCDA7E3EDC}\Setup.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
The Battle for Middle-earth (tm) II-->C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
The File Splitter 1.31-->"C:\Program Files\The File Splitter 1.31\unins000.exe"
Tom Clancy's Rainbow Six Vegas 2-->"C:\Program Files\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Trials 2 Second Edition-->C:\Program Files\Trials 2 Second Edition\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\windows\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VisualTool-->C:\Program Files\VisualTool\uninstall.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\windows\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR arhiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
X-ray Anti-Cheat-->C:\Program Files\X-ray Anti-Cheat\uninstaller.exe

======Security center information======

AV: Kaspersky Internet Security (disabled)
FW: Kaspersky Internet Security (disabled)

======System event log======

Computer Name: ADMIN-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 78480
Source Name: Service Control Manager
Time Written: 20090702223440.000000+120
Event Type: error
User:

Computer Name: ADMIN-PC
Event Code: 7034
Message: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s).

Record Number: 78474
Source Name: Service Control Manager
Time Written: 20090702174524.000000+120
Event Type: error
User:

Computer Name: ADMIN-PC
Event Code: 7034
Message: The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).

Record Number: 78458
Source Name: Service Control Manager
Time Written: 20090702163223.000000+120
Event Type: error
User:

Computer Name: ADMIN-PC
Event Code: 7000
Message: The avast! Web Scanner service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 78454
Source Name: Service Control Manager
Time Written: 20090702163153.000000+120
Event Type: error
User:

Computer Name: ADMIN-PC
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.

Record Number: 78453
Source Name: Service Control Manager
Time Written: 20090702163153.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: ADMIN-PC
Event Code: 1002
Message: Hanging application game.dat, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 15
Source Name: Application Hang
Time Written: 20090402101637.000000+120
Event Type: error
User:

Computer Name: ADMIN-PC
Event Code: 1000
Message: Faulting application wlcomm.exe, version 14.0.8064.206, faulting module kernel32.dll, version 5.1.2600.3264, fault address 0x00009eca.

Record Number: 14
Source Name: Application Error
Time Written: 20090402082452.000000+120
Event Type: error
User:

Computer Name: ADMIN-PC
Event Code: 1000
Message: Faulting application wlcomm.exe, version 14.0.8064.206, faulting module kernel32.dll, version 5.1.2600.3264, fault address 0x00009eca.

Record Number: 13
Source Name: Application Error
Time Written: 20090402080235.000000+120
Event Type: error
User:

Computer Name: ADMIN-PC
Event Code: 1000
Message: Faulting application wlcomm.exe, version 14.0.8064.206, faulting module kernel32.dll, version 5.1.2600.3264, fault address 0x00009eca.

Record Number: 12
Source Name: Application Error
Time Written: 20090402072951.000000+120
Event Type: error
User:

Computer Name: ADMIN-PC
Event Code: 1000
Message: Faulting application wlcomm.exe, version 14.0.8064.206, faulting module kernel32.dll, version 5.1.2600.3264, fault address 0x00009eca.

Record Number: 11
Source Name: Application Error
Time Written: 20090402070621.000000+120
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------













Logfile of random's system information tool 1.06 (written by random/random)
Run by DINO at 2009-07-10 21:24:53
Microsoft Windows XP Professional Service Pack 3, v.5755
System drive C: has 353 GB (74%) free of 477 GB
Total RAM: 3071 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:53 PM, on 7/10/2009
Platform: Windows XP SP3, v.5755 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\PnkBstrB.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\DINO\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\DINO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: rncsys32.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe

--
End of file - 8041 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-10-07 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-19 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-10-07 2403392]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-10-28 17331200]
"Alcmtr"=C:\windows\ALCMTR.EXE [2008-06-19 57344]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-05 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2007-11-30 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-19 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe []
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Documents and Settings\DINO\Start Menu\Programs\Startup
rncsys32.exe
Xfire.lnk - C:\Program Files\Xfire\xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\windows\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2007-11-30 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Codemasters\DiRT\DiRT.exe"="C:\Program Files\Codemasters\DiRT\DiRT.exe:*:Enabled:DiRT Executable"
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe"="C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\BearShare Music\BearShare Music.exe"="C:\Program Files\BearShare Music\BearShare Music.exe:*:Enabled:BearShare Music"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"D:\pes2009.exe"="D:\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Activision\Copy of Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Copy of Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Documents and Settings\DINO\Local Settings\Temp\Rar$EX00.219\WA.exe"="C:\Documents and Settings\DINO\Local Settings\Temp\Rar$EX00.219\WA.exe:*:Enabled:Worms Armageddon"
"C:\Documents and Settings\DINO\Desktop\New Folder (2)\WormsARM\WA.exe"="C:\Documents and Settings\DINO\Desktop\New Folder (2)\WormsARM\WA.exe:*:Enabled:Worms Armageddon"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.8.game"="C:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.8.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat"="C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game"
"C:\Program Files\IP Hider\IP Hider.exe"="C:\Program Files\IP Hider\IP Hider.exe:*:Enabled:IP Hider"
"C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero8\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Documents and Settings\DINO\Desktop\New Folder (2)\LEFT 4 DEAD\LEFT 4 DEAD\left4dead.exe"="C:\Documents and Settings\DINO\Desktop\New Folder (2)\LEFT 4 DEAD\LEFT 4 DEAD\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\left4dead\LEFT 4 DEAD\LEFT 4 DEAD\left4dead.exe"="C:\Program Files\left4dead\LEFT 4 DEAD\LEFT 4 DEAD\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe"="C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e08df6f6-c2f7-11dd-84d5-001e2a4142dc}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\klass.exe
shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\klass.exe


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-07-10 21:24:53 ----D---- C:\rsit
2009-07-08 23:01:32 ----D---- C:\Program Files\Trend Micro
2009-07-08 17:21:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-08 17:21:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 23:02:12 ----D---- C:\vcs5BGEffects
2009-07-06 23:01:17 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND
2009-07-06 11:52:24 ----D---- C:\Documents and Settings\DINO\Application Data\Mumble
2009-07-06 11:51:35 ----D---- C:\Program Files\Mumble
2009-07-05 21:57:40 ----D---- C:\Program Files\Kaspersky Lab
2009-07-05 21:57:40 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-07-05 21:54:24 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-05 20:22:21 ----D---- C:\Program Files\The File Splitter 1.31
2009-07-05 19:50:31 ----A---- C:\windows\_MSRSTRT.EXE
2009-07-02 21:26:08 ----A---- C:\windows\system32\xfcodec.dll
2009-06-26 16:36:23 ----D---- C:\Program Files\Common Files\Nero
2009-06-26 16:35:31 ----D---- C:\Program Files\Nero 9
2009-06-26 15:31:51 ----D---- C:\windows\Cache
2009-06-20 19:12:03 ----N---- C:\windows\system32\pxsfs.dll
2009-06-20 19:12:03 ----N---- C:\windows\system32\pxinsa64.exe
2009-06-20 19:12:03 ----N---- C:\windows\system32\pxhpinst.exe
2009-06-20 19:12:03 ----N---- C:\windows\system32\pxcpya64.exe
2009-06-20 19:12:03 ----N---- C:\windows\system32\pxafs.dll
2009-06-20 19:12:02 ----N---- C:\windows\system32\vxblock.dll
2009-06-20 19:12:02 ----N---- C:\windows\system32\pxwave.dll
2009-06-20 19:12:02 ----N---- C:\windows\system32\pxmas.dll
2009-06-20 19:12:02 ----N---- C:\windows\system32\pxdrv.dll
2009-06-20 19:12:02 ----N---- C:\windows\system32\px.dll
2009-06-17 16:54:53 ----HDC---- C:\windows\$NtUninstallKB961118$
2009-06-17 01:11:32 ----SHD---- C:\Config.Msi
2009-06-17 01:08:02 ----D---- C:\windows\system32\XPSViewer
2009-06-17 01:07:53 ----D---- C:\Program Files\MSBuild
2009-06-17 01:06:35 ----D---- C:\1ae000f5e499d6437c600a
2009-06-17 00:07:35 ----D---- C:\Program Files\Steam
2009-06-15 23:00:10 ----A---- C:\windows\system32\pbsvc.exe
2009-06-15 19:36:17 ----D---- C:\Program Files\left4dead
2009-06-14 14:31:02 ----D---- C:\Documents and Settings\DINO\Application Data\Help
2009-06-14 13:01:02 ----D---- C:\Program Files\railink
2009-06-13 13:24:29 ----D---- C:\Documents and Settings\DINO\Application Data\SmartFTP
2009-06-13 13:24:15 ----D---- C:\Program Files\SmartFTP Client
2009-06-13 13:23:57 ----D---- C:\Program Files\SmartFTP Client 3.0 Setup Files
2009-06-12 01:46:32 ----HDC---- C:\windows\$NtUninstallKB961501$
2009-06-12 01:46:29 ----HDC---- C:\windows\$NtUninstallKB969898$
2009-06-12 01:45:28 ----HDC---- C:\windows\$NtUninstallKB970238$
2009-06-12 01:45:05 ----HDC---- C:\windows\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======

2009-07-10 21:15:12 ----D---- C:\windows\Prefetch
2009-07-10 21:15:10 ----D---- C:\Program Files\LimeWire
2009-07-10 21:11:34 ----D---- C:\Program Files\Mozilla Firefox
2009-07-10 19:56:48 ----D---- C:\windows\system32\config
2009-07-10 18:28:48 ----D---- C:\Documents and Settings\DINO\Application Data\Xfire
2009-07-10 18:28:19 ----D---- C:\Documents and Settings\DINO\Application Data\Hamachi
2009-07-10 18:02:56 ----D---- C:\windows\system32\CatRoot2
2009-07-10 17:11:40 ----A---- C:\windows\system32\PnkBstrB.exe
2009-07-10 17:08:45 ----D---- C:\windows\Temp
2009-07-10 16:36:48 ----D---- C:\windows\system32
2009-07-10 15:52:04 ----D---- C:\windows\system32\drivers
2009-07-10 15:46:31 ----A---- C:\windows\SchedLgU.Txt
2009-07-10 14:48:12 ----D---- C:\Documents and Settings\DINO\Application Data\mIRC
2009-07-10 14:36:50 ----D---- C:\Program Files\mIRC
2009-07-10 13:07:20 ----D---- C:\WINDOWS
2009-07-10 00:09:04 ----D---- C:\Documents and Settings\DINO\Application Data\teamspeak2
2009-07-09 11:49:20 ----D---- C:\Program Files\Xfire
2009-07-08 23:01:32 ----D---- C:\Program Files
2009-07-08 21:08:08 ----SHD---- C:\windows\Installer
2009-07-08 21:07:25 ----D---- C:\windows\system32\DirectX
2009-07-08 21:07:23 ----HD---- C:\windows\inf
2009-07-08 21:06:43 ----D---- C:\Program Files\THQ
2009-07-06 13:04:29 ----D---- C:\Program Files\IrfanView
2009-07-06 13:04:18 ----D---- C:\Program Files\Common Files
2009-07-05 22:41:55 ----D---- C:\Program Files\VisualTool
2009-07-05 21:59:34 ----D---- C:\windows\system32\CatRoot
2009-07-05 20:02:22 ----SD---- C:\windows\Downloaded Program Files
2009-07-05 20:00:46 ----D---- C:\windows\WinSxS
2009-07-05 19:58:34 ----D---- C:\Documents and Settings\DINO\Application Data\Dev-Cpp
2009-07-05 19:58:29 ----D---- C:\Dev-Cpp
2009-07-05 19:57:56 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-07-05 19:52:34 ----D---- C:\Program Files\AlienGUIse
2009-07-05 13:08:20 ----D---- C:\windows\Minidump
2009-07-05 13:08:20 ----D---- C:\windows\Debug
2009-07-04 22:46:01 ----D---- C:\Documents and Settings\DINO\Application Data\LimeWire
2009-07-04 22:45:49 ----D---- C:\Incomplete
2009-07-04 22:45:44 ----D---- C:\muzika
2009-06-26 16:37:17 ----D---- C:\Documents and Settings\DINO\Application Data\Nero
2009-06-26 01:17:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-25 18:21:05 ----A---- C:\windows\win.ini
2009-06-25 11:31:28 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-06-25 11:28:33 ----A---- C:\windows\system32\MsiExec.exe.log
2009-06-24 12:10:31 ----D---- C:\windows\Microsoft.NET
2009-06-24 11:00:26 ----SD---- C:\Documents and Settings\DINO\Application Data\Microsoft
2009-06-24 10:55:07 ----RSD---- C:\windows\Fonts
2009-06-24 10:54:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-23 21:06:21 ----D---- C:\FoldingAtHome3
2009-06-22 18:14:40 ----D---- C:\Program Files\Activision
2009-06-22 11:42:21 ----D---- C:\FoldingAtHome2
2009-06-22 11:09:03 ----A---- C:\windows\system32\PnkBstrA.exe
2009-06-22 11:04:17 ----D---- C:\FoldingAtHome4
2009-06-21 13:29:37 ----D---- C:\Documents and Settings\DINO\Application Data\My Battle for Middle-earth(tm) II Files
2009-06-21 12:16:12 ----D---- C:\Documents and Settings\DINO\Application Data\Mozilla
2009-06-20 19:22:44 ----D---- C:\Documents and Settings\DINO\Application Data\Hide IP NG
2009-06-20 19:21:18 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-20 19:09:52 ----A---- C:\windows\NeroDigital.ini
2009-06-20 10:34:39 ----D---- C:\FoldingAtHome1
2009-06-17 16:55:01 ----RSHDC---- C:\windows\system32\dllcache
2009-06-17 11:27:45 ----RSD---- C:\windows\assembly
2009-06-17 01:07:48 ----D---- C:\windows\system32\en-US
2009-06-17 01:03:28 ----D---- C:\windows\system32\mui
2009-06-17 01:03:27 ----D---- C:\Program Files\Internet Explorer
2009-06-16 22:13:44 ----D---- C:\windows\SoftwareDistribution
2009-06-15 23:01:23 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-06-15 22:48:47 ----D---- C:\Program Files\Ubisoft
2009-06-12 11:10:27 ----D---- C:\windows\system32\Macromed
2009-06-12 01:46:29 ----HD---- C:\windows\$hf_mig$
2009-06-12 01:45:13 ----D---- C:\windows\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2007-11-30 36352]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2007-11-30 14592]
R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2009-07-05 226832]
R1 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\windows\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\windows\system32\DRIVERS\AegisP.sys [2008-10-06 21035]
R2 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2008-10-29 3341824]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\windows\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-02-01 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2007-11-30 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 224896]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\windows\system32\DRIVERS\tunmp.sys [2008-02-01 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2007-11-30 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2007-11-30 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2007-11-30 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2007-11-30 20608]
S3 CCDECODE;Closed Caption Decoder; C:\windows\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2009-03-22 17480]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nm;Network Monitor Driver; C:\windows\system32\DRIVERS\NMnt.sys [2007-11-30 40320]
S3 QCDonner;Logitech QuickCam Express; C:\windows\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\windows\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\windows\system32\DRIVERS\ssm_bus.sys [2007-05-02 83592]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\windows\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\windows\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2007-11-30 26368]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\windows\system32\svchost.exe [2007-11-30 14336]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-30 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2008-10-29 585728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2009-06-22 75064]
R2 PnkBstrB;PnkBstrB; C:\windows\system32\PnkBstrB.exe [2009-07-10 189768]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2007-11-30 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-05 206088]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-10-10 72704]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 FAH1;FAH1; C:\FoldingAtHome1\srvany.exe [1996-08-30 13312]
S4 FAH2;FAH2; C:\FoldingAtHome2\srvany.exe [1996-08-30 13312]
S4 FAH3;FAH3; C:\FoldingAtHome3\srvany.exe [1996-08-30 13312]
S4 FAH4;FAH4; C:\FoldingAtHome4\srvany.exe [1996-08-30 13312]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

katana
2009-07-11, 00:22
Step 1

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If requested, please reboot
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Step 2


Download and Run ComboFix (by sUBs)

Please download Commbofix from HERE (http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)
For a full tutorial on using Combofix, please see this topic
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

MalwareBytes Log
Combofix Log
How are things running now ?

susko
2009-07-12, 00:43
When I run anti-malwere first time my computer restarted and i got blue screen with "fatal error". After my computer restarted i turned it back on and i gone to scan again in anti removal and after few minutes i went on "abort scan" because i got 5 files infected and then i deleted them. So i got 1 log ov FIRST scan with anti removal. Then i run my combofix and everything was all right. After that i run anti malwere again and this time it scanned till the end I got 2 files infected so i will post you SECOND anti malwere log. Sorry for complicating.






ComboFix 09-07-09.08 - DINO 07/11/2009 20:46.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2581 [GMT 2:00]
Running from: c:\documents and settings\DINO\Desktop\Combo-Fix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DINO\Application Data\wiaserva.log
c:\documents and settings\DINO\Start Menu\Programs\Startup\rncsys32.exe
c:\program files\FBrowserAdvisor
c:\program files\FBrowserAdvisor\inno.exe
c:\program files\VisualTool
c:\program files\VisualTool\pcre3.dll
c:\program files\VisualTool\uninstall.exe
c:\program files\VisualTool\VisualTool.dat
c:\windows\Installer\19c6f1.msp
c:\windows\Installer\5233f.msp
c:\windows\Installer\6d1aa.msp
c:\windows\Installer\abdeac.msp
c:\windows\Installer\f60e3.msi
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-11 11:00 . 2009-07-11 11:00 -------- d-----w- c:\documents and settings\DINO\Application Data\Malwarebytes
2009-07-11 11:00 . 2009-07-11 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-10 19:24 . 2009-07-10 19:24 -------- d-----w- C:\rsit
2009-07-08 21:01 . 2009-07-08 21:01 -------- d-----w- c:\program files\Trend Micro
2009-07-08 15:21 . 2009-07-11 18:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-08 15:21 . 2009-07-11 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 21:02 . 2009-07-07 13:16 -------- d-----w- C:\vcs5BGEffects
2009-07-06 21:01 . 2009-07-07 21:55 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-07-06 09:52 . 2009-07-10 09:42 -------- d-----w- c:\documents and settings\DINO\Application Data\Mumble
2009-07-06 09:51 . 2009-07-06 09:52 -------- d-----w- c:\program files\Mumble
2009-07-05 20:43 . 2009-07-05 20:43 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-07-05 20:43 . 2009-07-05 20:43 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-05 20:43 . 2009-07-05 20:43 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-07-05 19:58 . 2009-07-05 20:43 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-05 19:58 . 2009-07-05 20:43 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-05 19:57 . 2009-07-11 18:52 417824 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-05 19:57 . 2009-07-11 18:52 4164640 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-05 19:57 . 2009-07-11 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-05 19:57 . 2009-07-05 19:57 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-05 19:54 . 2009-07-05 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-05 18:22 . 2009-07-05 18:22 -------- d-----w- c:\program files\The File Splitter 1.31
2009-07-05 17:50 . 2009-07-05 17:50 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-07-02 19:26 . 2009-07-02 19:26 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-26 14:36 . 2009-06-26 14:36 -------- d-----w- c:\program files\Common Files\Nero
2009-06-26 14:35 . 2009-06-26 14:36 -------- d-----w- c:\program files\Nero 9
2009-06-26 13:31 . 2009-06-26 13:31 -------- d-----w- c:\windows\Cache
2009-06-16 23:08 . 2009-06-16 23:08 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-16 23:07 . 2009-06-16 23:07 -------- d-----w- c:\program files\MSBuild
2009-06-16 23:06 . 2009-06-16 23:07 -------- d-----w- C:\1ae000f5e499d6437c600a
2009-06-16 22:07 . 2009-06-28 20:44 -------- d-----w- c:\program files\Steam
2009-06-15 21:00 . 2009-06-15 21:00 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-15 17:36 . 2009-06-15 17:49 -------- d-----w- c:\program files\left4dead
2009-06-14 12:31 . 2009-06-14 12:31 -------- d-----w- c:\documents and settings\DINO\Local Settings\Application Data\Help
2009-06-14 11:01 . 2009-06-14 12:31 -------- d-----w- c:\program files\railink
2009-06-13 11:24 . 2009-06-13 11:24 -------- d-----w- c:\documents and settings\DINO\Application Data\SmartFTP
2009-06-13 11:24 . 2009-06-13 11:24 -------- d-----w- c:\program files\SmartFTP Client
2009-06-13 11:23 . 2009-06-13 11:24 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 18:52 . 2009-07-05 19:57 33616 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-11 18:52 . 2009-07-05 19:57 2508 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-11 18:43 . 2008-10-06 14:44 -------- d-----w- c:\documents and settings\DINO\Application Data\Xfire
2009-07-11 00:06 . 2008-10-08 11:17 -------- d-----w- c:\documents and settings\DINO\Application Data\Hamachi
2009-07-10 22:09 . 2008-10-06 14:44 -------- d-----w- c:\documents and settings\DINO\Application Data\teamspeak2
2009-07-10 21:17 . 2008-09-06 17:36 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-10 21:16 . 2008-09-06 17:36 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-10 19:15 . 2008-11-26 18:38 -------- d-----w- c:\program files\LimeWire
2009-07-10 13:45 . 2008-09-03 19:15 29032 ----a-w- c:\documents and settings\DINO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-10 12:48 . 2009-02-26 20:39 -------- d-----w- c:\documents and settings\DINO\Application Data\mIRC
2009-07-10 12:36 . 2009-02-26 20:39 -------- d-----w- c:\program files\mIRC
2009-07-09 09:49 . 2008-10-06 14:44 -------- d-----w- c:\program files\Xfire
2009-07-08 19:06 . 2008-09-29 17:29 -------- d-----w- c:\program files\THQ
2009-07-06 11:04 . 2008-10-30 21:51 -------- d-----w- c:\program files\IrfanView
2009-07-05 20:43 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-07-05 17:58 . 2009-03-09 17:46 -------- d-----w- c:\documents and settings\DINO\Application Data\Dev-Cpp
2009-07-05 17:52 . 2008-11-12 19:28 -------- d-----w- c:\program files\AlienGUIse
2009-07-04 20:46 . 2008-10-10 14:37 -------- d-----w- c:\documents and settings\DINO\Application Data\LimeWire
2009-06-26 14:37 . 2009-02-15 14:29 -------- d-----w- c:\documents and settings\DINO\Application Data\Nero
2009-06-25 09:31 . 2009-02-15 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-22 16:14 . 2008-09-06 17:32 -------- d-----w- c:\program files\Activision
2009-06-22 09:09 . 2008-09-06 17:36 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-21 11:29 . 2008-09-16 17:59 -------- d-----w- c:\documents and settings\DINO\Application Data\My Battle for Middle-earth(tm) II Files
2009-06-20 17:22 . 2009-03-10 23:44 -------- d-----w- c:\documents and settings\DINO\Application Data\Hide IP NG
2009-06-20 17:21 . 2008-09-03 19:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-15 21:01 . 2008-09-06 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2009-06-15 21:00 . 2008-09-06 17:36 22328 ----a-w- c:\documents and settings\DINO\Application Data\PnkBstrK.sys
2009-06-15 21:00 . 2008-09-06 17:36 22328 ----a-w- c:\documents and settings\DINO\Application Data\PnkBstrK.sys
2009-06-15 20:48 . 2008-09-06 18:14 -------- d-----w- c:\program files\Ubisoft
2009-06-04 18:57 . 2009-06-04 18:55 -------- d-----w- c:\program files\X-ray Anti-Cheat
2009-06-02 12:48 . 2009-03-19 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-05-07 15:32 . 2007-11-30 13:25 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2007-11-30 13:26 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2007-11-30 13:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2007-11-30 07:24 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2007-11-30 13:25 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-19 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-05 206088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-28 17331200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2007-11-30 53760]

c:\documents and settings\DINO\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-7-2 3190096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.8.game"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\left4dead\\LEFT 4 DEAD\\LEFT 4 DEAD\\left4dead.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28960:UDP"= 28960:UDP:Susko

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9/3/2008 8:52 PM 13696]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2/18/2009 7:53 PM 55152]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [9/3/2008 9:10 PM 93696]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [4/23/2007 2:11 PM 224896]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]
S4 FAH1;FAH1;c:\foldingathome1\srvany.exe [3/20/2009 5:28 PM 13312]
S4 FAH2;FAH2;c:\foldingathome2\srvany.exe [3/20/2009 5:28 PM 13312]
S4 FAH3;FAH3;c:\foldingathome3\srvany.exe [3/20/2009 5:28 PM 13312]
S4 FAH4;FAH4;c:\foldingathome4\srvany.exe [3/20/2009 5:28 PM 13312]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\DINO\Application Data\Mozilla\Firefox\Profiles\xo1npf4f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 20:55
Windows 5.1.2600 Service Pack 3, v.5755 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1220945662-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1220945662-2077806209-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9f,05,ec,fb,72,f0,32,85,d7,2b,0a,ed,c0,5e,ad,9b,53,e5,24,11,70,5d,e5,
ce,d1,a3,2c,ff,f5,43,49,aa,d5,82,64,0b,5d,8c,a4,43,d1,5d,d5,72,e9,74,53,4b,\
"??"=hex:f0,b6,10,2b,d1,af,95,90,07,1e,58,5a,b9,1c,5f,82

[HKEY_USERS\S-1-5-21-1220945662-2077806209-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:01,cf,56,ec,7c,99,e6,6a,ae,11,a6,db,56,60,1d,ff,47,31,fb,97,40,
4c,f4,0e,56,0e,80,6f,d5,16,33,86,de,e2,7f,0c,70,a8,ef,90,c5,60,fe,d0,91,24,\
"rkeysecu"=hex:b8,c8,9b,4c,2d,62,29,d2,4a,35,6a,1c,88,6e,2c,ce
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1724)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(904)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-11 21:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 19:00

Pre-Run: 370,590,957,568 bytes free
Post-Run: 370,521,567,232 bytes free

241 --- E O F --- 2009-06-25 23:18









first...
Malwarebytes' Anti-Malware 1.38
Database version: 2406
Windows 5.1.2600 Service Pack 3, v.5755

7/11/2009 2:51:17 PM
mbam-log-2009-07-11 (14-51-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 22302
Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\visualtool.pornpro_bho (Adware.PlayMp3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\visualtool.pornpro_bho.1 (Adware.PlayMp3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f3a54897-9e68-b11e-a37a-4d1422ce9caa} (Adware.PlayMp3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f3a54897-9e68-b11e-a37a-4d1422ce9caa} (Adware.PlayMp3z) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



second..
Malwarebytes' Anti-Malware 1.38
Database version: 2410
Windows 5.1.2600 Service Pack 3, v.5755

7/11/2009 11:07:46 PM
mbam-log-2009-07-11 (23-07-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 186244
Time elapsed: 1 hour(s), 15 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{1e4dfe57-ce2f-453c-8981-0880078ebe56}\RP624\A0563202.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\fbrowseradvisor\inno.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.


My computer is still slow.Only diffrence is that my programs load faster on startup then before but mine windows are still booting 2 minutes.

katana
2009-07-12, 02:15
Information

There is no obvious sign of active infection now, but there are a couple of things that need checking

----------------------------------------------------------------------------------------
Step 1

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal (http://www.virustotal.com/en/indexf.html)
Copy/paste the the following file path into the window

C:\Qoobox\Quarantine\c\windows\system32\ATIODCLI.exe.vir

Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following file
C:\Qoobox\Quarantine\c\windows\system32\ATIODE.exe.vir

If Virustotal is too busy please try Jotti (http://virusscan.jotti.org/)

----------------------------------------------------------------------------------------
Step 2

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


http://forums.spybot.info/showthread.php?p=322032#post322032
Suspect::[4]
C:\Qoobox\Quarantine\c\windows\system32\ATIODCLI.exe.vir
C:\Qoobox\Quarantine\c\windows\system32\ATIODE.exe.vir
RegLock::
[HKEY_USERS\S-1-5-21-1220945662-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
ADS::
Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.
Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

----------------------------------------------------------------------------------------
Step 3

Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Virus Total Results
Combofix Log
Active Scan Log
How are things running now ?

susko
2009-07-12, 19:28
I have all logs expect virus total. I runed scan and after 10 minutes is freezed on 24% and it was scaning 20 minutes more but nothing, steel freezed. Next time i tried i put my computer scaning over 3 hours and it freezed again on 24%.
I have screensoht..

http://img193.imageshack.us/img193/9971/scanvirus.th.png (http://img193.imageshack.us/i/scanvirus.png/)





C:\Qoobox\Quarantine\c\windows\system32\ATIODCLI.exe.vir

MD5: 852ea36362bd6c402613e7cfbf56b9b3
First received: 2009.04.02 12:39:26 UTC
Date: 2009.07.02 12:52:55 UTC [>9D]
Results: 0/41
Permalink: analisis/b6921d21981abdb2d89e183b3f6d247f926096a6657ef985d8c421354d6f3dcb-1246539175





C:\Qoobox\Quarantine\c\windows\system32\ATIODE.exe.vir

MD5: 1b89c18cf4e4d6cd43d67fb0f534b6e0
First received: 2009.03.14 09:14:13 UTC
Date: 2009.07.09 01:16:56 UTC [>2D]
Results: 1/41
Permalink: analisis/2e2e65ce97ecfb50f819efdd236bf8dca278aa22d4bbbafc5e84913cf4cef19a-1247102216










ComboFix 09-07-09.08 - DINO 07/12/2009 2:00.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2510 [GMT 2:00]
Running from: c:\documents and settings\DINO\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\DINO\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-11 19:24 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 19:24 . 2009-07-11 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 19:24 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 11:00 . 2009-07-11 11:00 -------- d-----w- c:\documents and settings\DINO\Application Data\Malwarebytes
2009-07-11 11:00 . 2009-07-11 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-10 19:24 . 2009-07-10 19:24 -------- d-----w- C:\rsit
2009-07-08 21:01 . 2009-07-08 21:01 -------- d-----w- c:\program files\Trend Micro
2009-07-08 15:21 . 2009-07-11 18:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-08 15:21 . 2009-07-11 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-06 21:02 . 2009-07-07 13:16 -------- d-----w- C:\vcs5BGEffects
2009-07-06 21:01 . 2009-07-07 21:55 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
2009-07-06 09:52 . 2009-07-10 09:42 -------- d-----w- c:\documents and settings\DINO\Application Data\Mumble
2009-07-06 09:51 . 2009-07-06 09:52 -------- d-----w- c:\program files\Mumble
2009-07-05 20:43 . 2009-07-05 20:43 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-07-05 20:43 . 2009-07-05 20:43 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-05 20:43 . 2009-07-05 20:43 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-07-05 19:58 . 2009-07-05 20:43 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-05 19:58 . 2009-07-05 20:43 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-05 19:57 . 2009-07-11 21:17 434208 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-05 19:57 . 2009-07-11 21:08 4164640 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-05 19:57 . 2009-07-11 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-05 19:57 . 2009-07-05 19:57 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-05 19:54 . 2009-07-05 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-05 18:22 . 2009-07-05 18:22 -------- d-----w- c:\program files\The File Splitter 1.31
2009-07-05 17:50 . 2009-07-05 17:50 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-07-02 19:26 . 2009-07-02 19:26 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-26 14:36 . 2009-06-26 14:36 -------- d-----w- c:\program files\Common Files\Nero
2009-06-26 14:35 . 2009-06-26 14:36 -------- d-----w- c:\program files\Nero 9
2009-06-26 13:31 . 2009-06-26 13:31 -------- d-----w- c:\windows\Cache
2009-06-16 23:08 . 2009-06-16 23:08 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-16 23:07 . 2009-06-16 23:07 -------- d-----w- c:\program files\MSBuild
2009-06-16 23:06 . 2009-06-16 23:07 -------- d-----w- C:\1ae000f5e499d6437c600a
2009-06-16 22:07 . 2009-06-28 20:44 -------- d-----w- c:\program files\Steam
2009-06-15 21:00 . 2009-06-15 21:00 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-15 17:36 . 2009-06-15 17:49 -------- d-----w- c:\program files\left4dead
2009-06-14 12:31 . 2009-06-14 12:31 -------- d-----w- c:\documents and settings\DINO\Local Settings\Application Data\Help
2009-06-14 11:01 . 2009-06-14 12:31 -------- d-----w- c:\program files\railink
2009-06-13 11:24 . 2009-06-13 11:24 -------- d-----w- c:\documents and settings\DINO\Application Data\SmartFTP
2009-06-13 11:24 . 2009-06-13 11:24 -------- d-----w- c:\program files\SmartFTP Client
2009-06-13 11:23 . 2009-06-13 11:24 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 00:01 . 2008-10-06 14:44 -------- d-----w- c:\documents and settings\DINO\Application Data\Xfire
2009-07-11 23:00 . 2008-09-06 17:36 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-11 23:00 . 2008-09-06 17:36 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-11 22:37 . 2008-10-06 14:44 -------- d-----w- c:\documents and settings\DINO\Application Data\teamspeak2
2009-07-11 21:48 . 2009-02-26 20:39 -------- d-----w- c:\documents and settings\DINO\Application Data\mIRC
2009-07-11 21:47 . 2009-02-26 20:39 -------- d-----w- c:\program files\mIRC
2009-07-11 21:27 . 2008-12-11 16:02 -------- d-----w- c:\documents and settings\DINO\Application Data\LimeWire MP3
2009-07-11 21:17 . 2009-07-05 19:57 2564 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-11 21:08 . 2009-07-05 19:57 33616 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-11 00:06 . 2008-10-08 11:17 -------- d-----w- c:\documents and settings\DINO\Application Data\Hamachi
2009-07-10 19:15 . 2008-11-26 18:38 -------- d-----w- c:\program files\LimeWire
2009-07-10 13:45 . 2008-09-03 19:15 29032 ----a-w- c:\documents and settings\DINO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 09:49 . 2008-10-06 14:44 -------- d-----w- c:\program files\Xfire
2009-07-08 19:06 . 2008-09-29 17:29 -------- d-----w- c:\program files\THQ
2009-07-06 11:04 . 2008-10-30 21:51 -------- d-----w- c:\program files\IrfanView
2009-07-05 20:43 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-07-05 17:58 . 2009-03-09 17:46 -------- d-----w- c:\documents and settings\DINO\Application Data\Dev-Cpp
2009-07-05 17:52 . 2008-11-12 19:28 -------- d-----w- c:\program files\AlienGUIse
2009-07-04 20:46 . 2008-10-10 14:37 -------- d-----w- c:\documents and settings\DINO\Application Data\LimeWire
2009-06-26 14:37 . 2009-02-15 14:29 -------- d-----w- c:\documents and settings\DINO\Application Data\Nero
2009-06-25 09:31 . 2009-02-15 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-22 16:14 . 2008-09-06 17:32 -------- d-----w- c:\program files\Activision
2009-06-22 09:09 . 2008-09-06 17:36 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-21 11:29 . 2008-09-16 17:59 -------- d-----w- c:\documents and settings\DINO\Application Data\My Battle for Middle-earth(tm) II Files
2009-06-20 17:22 . 2009-03-10 23:44 -------- d-----w- c:\documents and settings\DINO\Application Data\Hide IP NG
2009-06-20 17:21 . 2008-09-03 19:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-15 21:01 . 2008-09-06 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2009-06-15 21:00 . 2008-09-06 17:36 22328 ----a-w- c:\documents and settings\DINO\Application Data\PnkBstrK.sys
2009-06-15 21:00 . 2008-09-06 17:36 22328 ----a-w- c:\documents and settings\DINO\Application Data\PnkBstrK.sys
2009-06-15 20:48 . 2008-09-06 18:14 -------- d-----w- c:\program files\Ubisoft
2009-06-04 18:57 . 2009-06-04 18:55 -------- d-----w- c:\program files\X-ray Anti-Cheat
2009-06-02 12:48 . 2009-03-19 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-05-07 15:32 . 2007-11-30 13:25 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2007-11-30 13:26 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2007-11-30 13:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2007-11-30 07:24 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2007-11-30 13:25 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-11-30 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-19 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-05 206088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-28 17331200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2007-11-30 53760]

c:\documents and settings\DINO\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-7-2 3190096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.8.game"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\left4dead\\LEFT 4 DEAD\\LEFT 4 DEAD\\left4dead.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28960:UDP"= 28960:UDP:Susko

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9/3/2008 8:52 PM 13696]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2/18/2009 7:53 PM 55152]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [9/3/2008 9:10 PM 93696]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [4/23/2007 2:11 PM 224896]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]
S4 FAH1;FAH1;c:\foldingathome1\srvany.exe [3/20/2009 5:28 PM 13312]
S4 FAH2;FAH2;c:\foldingathome2\srvany.exe [3/20/2009 5:28 PM 13312]
S4 FAH3;FAH3;c:\foldingathome3\srvany.exe [3/20/2009 5:28 PM 13312]
S4 FAH4;FAH4;c:\foldingathome4\srvany.exe [3/20/2009 5:28 PM 13312]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PNKBSTRB
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\DINO\Application Data\Mozilla\Firefox\Profiles\xo1npf4f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 02:05
Windows 5.1.2600 Service Pack 3, v.5755 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1220945662-2077806209-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9f,05,ec,fb,72,f0,32,85,d7,2b,0a,ed,c0,5e,ad,9b,53,e5,24,11,70,5d,e5,
ce,d1,a3,2c,ff,f5,43,49,aa,d5,82,64,0b,5d,8c,a4,43,d1,5d,d5,72,e9,74,53,4b,\
"??"=hex:f0,b6,10,2b,d1,af,95,90,07,1e,58,5a,b9,1c,5f,82

[HKEY_USERS\S-1-5-21-1220945662-2077806209-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:01,cf,56,ec,7c,99,e6,6a,ae,11,a6,db,56,60,1d,ff,47,31,fb,97,40,
4c,f4,0e,56,0e,80,6f,d5,16,33,86,de,e2,7f,0c,70,a8,ef,90,c5,60,fe,d0,91,24,\
"rkeysecu"=hex:b8,c8,9b,4c,2d,62,29,d2,4a,35,6a,1c,88,6e,2c,ce
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1720)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1556)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-12 2:07
ComboFix-quarantined-files.txt 2009-07-12 00:06
ComboFix2.txt 2009-07-11 19:00

Pre-Run: 379,424,165,888 bytes free
Post-Run: 379,441,688,576 bytes free

212 --- E O F --- 2009-06-25 23:18




My computer is going now a bit better but I think it should run even faster then this

katana
2009-07-12, 21:11
Did you disable your Antivirus during the ActiveScan ?
If not, then please try it again with your AV disabled.
If you did, then please try the ESET scan at the end of this post


Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



DeQuarantine::
C:\Qoobox\Quarantine\c\windows\system32\ATIODCLI.exe.vir
C:\Qoobox\Quarantine\c\windows\system32\ATIODE.exe.vir
Quit::

Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

----------------------------------------------------------------------------------------

Upload a File
Download suspicious file packer from here (http://www.safer-networking.org/files/sfp.zip)

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

C:\windows\system32\ATIODCLI.exe
C:\windows\system32\ATIODE.exe

Please open LINK >>> THIS PAGE (http://www.bleepingcomputer.com/submit-malware.php?channel=4) <<<LINK in a new window.


In the box marked Link to topic where this file was requested: please put this text

http://forums.spybot.info/showthread.php?p=322129#post322129

Click the Browse button and navigate to the cab file that was created on your desktop
Select this file and click Open

In the Largest box please put

File Requested By Katana
Failed Submit

Finally click SendFile

You can now delete SFP (exe and Zip) along with the .cab file that was created


----------------------------------------------------------------------------------------
Eset Online AntiVirus

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
(You may need to disable your resident Anti-Virus (http://www.bleepingcomputer.com/forums/topic114351.html).)

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.


Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

katana
2009-07-17, 17:42
Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.