HJT Log 12/15/09 [Archive] - Safer-Networking Forums

Mareg

2009-12-16, 02:33

Hope I did this right. I am pretty sure something is infecting my computer I went away for a week and came back to find that If I searched using google half the links I clicked lead to a site with a url composed of random letters.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:18 PM, on 12/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\WINDOWS\system32\JMRaidTool.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Unlocker\UnlockerAssistant.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\Program Files\DAEMON Tools Lite\DTLite.exe
F:\Program Files\Trillian\trillian.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Eset\nod32krn.exe
F:\Program Files\mIRC\mirc.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\iTunes\iTunes.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\BCDC++\DCPlusPlus.exe
F:\Program Files\AWC\AWC.exe
F:\Program Files\ESET\nod32kui.exe
F:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
F:\Program Files\Steam\Steam.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] F:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Trillian.lnk = F:\Program Files\Trillian\trillian.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5143 bytes

peku006

2009-12-19, 11:04

Hello and :welcome: to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

1 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

2 - Status Check
Please reply with

the logs from RSIT (log.txt ,info.txt)

Thanks peku006

Mareg

2009-12-19, 11:52

Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by AkumaHokoru at 2009-12-19 05:47:29
Microsoft Windows XP Professional Service Pack 3
System drive F: has 205 GB (43%) free of 477 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:37 AM, on 12/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\WINDOWS\system32\JMRaidTool.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\DAEMON Tools Lite\DTLite.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\System32\svchost.exe
F:\32788R22FWJFW\iexplore.exe
F:\Program Files\Eset\nod32krn.exe
F:\Program Files\mIRC\mirc.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
F:\Program Files\BCDC++\DCPlusPlus.exe
F:\Program Files\ESET\nod32kui.exe
F:\Program Files\Unlocker\UnlockerAssistant.exe
F:\Program Files\iTunes\iTunes.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\Trillian\trillian.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\AWC\AWC.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\AkumaHokoru\My Documents\INCOMING!!!\RSIT.exe
F:\Program Files\Trend Micro\HijackThis\AkumaHokoru.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] F:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Trillian.lnk = F:\Program Files\Trillian\trillian.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5471 bytes

======Scheduled tasks folder======

F:\WINDOWS\tasks\AppleSoftwareUpdate.job
F:\WINDOWS\tasks\emscavou.job
F:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for AkumaHokoru.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-18 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2006-02-28 208952]
"PHIME2002ASync"=F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-02-28 455168]
"PHIME2002A"=F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-02-28 455168]
"RTHDCPL"=F:\WINDOWS\RTHDCPL.EXE [2006-06-01 16208384]
"SkyTel"=F:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=F:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"JMB36X Configure"=F:\WINDOWS\system32\JMRaidTool.exe [2006-04-24 385024]
"NvCplDaemon"=F:\WINDOWS\system32\NvCpl.dll [2009-01-15 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=F:\WINDOWS\system32\NvMcTray.dll [2009-01-15 86016]
"QuickTime Task"=F:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=F:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"SunJavaUpdateSched"=F:\Program Files\Java\jre6\bin\jusched.exe [2009-11-18 149280]
"nod32kui"=F:\Program Files\Eset\nod32kui.exe [2009-11-18 949376]
"UnlockerAssistant"=F:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-01 15872]
"Malwarebytes' Anti-Malware"=F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"DAEMON Tools Lite"=F:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

F:\Documents and Settings\AkumaHokoru\Start Menu\Programs\Startup
Trillian.lnk - F:\Program Files\Trillian\trillian.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
F:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Program Files\uTorrent\uTorrent.exe"="F:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe"="F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"F:\Program Files\Windows Live\Messenger\msnmsgr.exe"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\Program Files\Steam\Steam.exe"="F:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"F:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe"="F:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe:*:Enabled:Street Fighter IV"
"F:\Program Files\Bonjour\mDNSResponder.exe"="F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\Program Files\iTunes\iTunes.exe"="F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Dragon Age\bin_ship\daorigins.exe"="F:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"F:\Program Files\Dragon Age\DAOriginsLauncher.exe"="F:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"F:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="F:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"F:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="F:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"F:\Program Files\Skype\Phone\Skype.exe"="F:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe"="F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"F:\Program Files\Windows Live\Messenger\msnmsgr.exe"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f39df11a-d494-11de-be78-0019213afbc3}]
shell\AutoRun\command - I:\autorun.exe -auto

======List of files/folders created in the last 1 months======

2009-12-19 05:47:29 ----D---- F:\rsit
2009-12-18 14:39:57 ----D---- F:\Program Files\Schtserv PsoBB
2009-12-15 21:55:13 ----D---- F:\Program Files\Malwarebytes' Anti-Malware
2009-12-15 21:46:30 ----D---- F:\WINDOWS\ERDNT
2009-12-15 21:46:15 ----SD---- F:\Akuma
2009-12-15 20:07:15 ----D---- F:\Program Files\Trend Micro
2009-12-14 23:47:27 ----D---- F:\Documents and Settings\AkumaHokoru\Application Data\abgx360
2009-12-11 06:07:18 ----D---- F:\Program Files\AWC
2009-12-11 03:41:34 ----HDC---- F:\WINDOWS\$NtUninstallKB970430$
2009-12-11 03:41:25 ----HDC---- F:\WINDOWS\$NtUninstallKB974318$
2009-12-11 03:41:12 ----HDC---- F:\WINDOWS\$NtUninstallKB976325$
2009-12-11 03:41:01 ----HDC---- F:\WINDOWS\$NtUninstallKB973904$
2009-12-11 03:40:53 ----HDC---- F:\WINDOWS\$NtUninstallKB974392$
2009-12-11 03:40:38 ----HDC---- F:\WINDOWS\$NtUninstallKB971737$
2009-12-09 18:18:14 ----A---- F:\WINDOWS\system32\d3dx10_41.dll
2009-12-09 18:18:14 ----A---- F:\WINDOWS\system32\D3DCompiler_41.dll
2009-12-09 18:18:12 ----A---- F:\WINDOWS\system32\D3DX9_41.dll
2009-12-09 18:18:11 ----A---- F:\WINDOWS\system32\XAudio2_4.dll
2009-12-09 18:18:11 ----A---- F:\WINDOWS\system32\XAPOFX1_3.dll
2009-12-09 18:18:09 ----A---- F:\WINDOWS\system32\xactengine3_4.dll
2009-12-09 18:18:08 ----A---- F:\WINDOWS\system32\X3DAudio1_6.dll
2009-12-09 18:18:07 ----A---- F:\WINDOWS\system32\d3dx10_40.dll
2009-12-09 18:18:07 ----A---- F:\WINDOWS\system32\D3DCompiler_40.dll
2009-12-09 18:18:05 ----A---- F:\WINDOWS\system32\D3DX9_40.dll
2009-12-09 18:18:04 ----A---- F:\WINDOWS\system32\XAudio2_3.dll
2009-12-09 18:18:04 ----A---- F:\WINDOWS\system32\XAPOFX1_2.dll
2009-12-09 18:18:03 ----A---- F:\WINDOWS\system32\xactengine3_3.dll
2009-12-09 18:18:01 ----A---- F:\WINDOWS\system32\X3DAudio1_5.dll
2009-12-09 18:18:00 ----A---- F:\WINDOWS\system32\XAudio2_2.dll
2009-12-09 18:18:00 ----A---- F:\WINDOWS\system32\XAPOFX1_1.dll
2009-12-09 18:17:59 ----A---- F:\WINDOWS\system32\xactengine3_2.dll
2009-12-09 18:17:57 ----A---- F:\WINDOWS\system32\d3dx10_39.dll
2009-12-09 18:17:57 ----A---- F:\WINDOWS\system32\D3DCompiler_39.dll
2009-12-09 18:17:56 ----A---- F:\WINDOWS\system32\D3DX9_39.dll
2009-12-09 18:17:54 ----A---- F:\WINDOWS\system32\XAudio2_1.dll
2009-12-09 18:17:54 ----A---- F:\WINDOWS\system32\XAPOFX1_0.dll
2009-12-09 18:17:53 ----A---- F:\WINDOWS\system32\xactengine3_1.dll
2009-12-09 18:17:52 ----A---- F:\WINDOWS\system32\X3DAudio1_4.dll
2009-12-09 18:17:51 ----A---- F:\WINDOWS\system32\D3DCompiler_38.dll
2009-12-09 18:17:50 ----A---- F:\WINDOWS\system32\d3dx10_38.dll
2009-12-09 18:17:49 ----A---- F:\WINDOWS\system32\D3DX9_38.dll
2009-12-09 18:17:48 ----A---- F:\WINDOWS\system32\XAudio2_0.dll
2009-12-09 18:17:47 ----A---- F:\WINDOWS\system32\xactengine3_0.dll
2009-12-09 18:17:46 ----A---- F:\WINDOWS\system32\X3DAudio1_3.dll
2009-12-09 18:17:45 ----A---- F:\WINDOWS\system32\d3dx10_37.dll
2009-12-09 18:17:45 ----A---- F:\WINDOWS\system32\D3DCompiler_37.dll
2009-12-09 18:17:43 ----A---- F:\WINDOWS\system32\D3DX9_37.dll
2009-12-09 18:16:38 ----D---- F:\WINDOWS\Logs
2009-12-09 18:05:15 ----D---- F:\Program Files\1C Company
2009-12-09 17:27:27 ----D---- F:\Documents and Settings\All Users\Application Data\NOS
2009-12-09 10:24:25 ----D---- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-09 03:51:01 ----RASH---- F:\WINDOWS\system32\regwizx.dll
2009-11-30 03:22:52 ----D---- F:\Program Files\VirtualDub-1.9.7
2009-11-25 15:57:26 ----A---- F:\WINDOWS\War3Unin.exe
2009-11-25 15:55:53 ----D---- F:\Program Files\Warcraft III
2009-11-24 21:31:54 ----D---- F:\Program Files\GGPO
2009-11-24 21:31:34 ----D---- F:\Documents and Settings\All Users\Application Data\Adobe
2009-11-24 21:28:41 ----D---- F:\Program Files\Common Files\Adobe AIR
2009-11-24 15:45:20 ----HDC---- F:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-24 15:45:05 ----HDC---- F:\WINDOWS\$NtUninstallKB973687$
2009-11-20 15:12:25 ----D---- F:\Program Files\abgx360
2009-11-20 02:41:49 ----HDC---- F:\WINDOWS\$NtUninstallKB961118$

======List of files/folders modified in the last 1 months======

2009-12-19 05:47:17 ----D---- F:\WINDOWS\Prefetch
2009-12-18 23:13:13 ----D---- F:\WINDOWS\Temp
2009-12-18 19:12:40 ----D---- F:\Program Files\Steam
2009-12-18 17:51:03 ----D---- F:\Documents and Settings\AkumaHokoru\Application Data\Skype
2009-12-18 14:59:12 ----RD---- F:\Program Files
2009-12-18 13:56:01 ----D---- F:\Documents and Settings\AkumaHokoru\Application Data\uTorrent
2009-12-18 13:25:35 ----D---- F:\Program Files\Mozilla Firefox
2009-12-18 03:54:47 ----D---- F:\Documents and Settings\AkumaHokoru\Application Data\mIRC
2009-12-16 09:48:53 ----D---- F:\Program Files\BCDC++
2009-12-16 02:02:33 ----D---- F:\WINDOWS\system32\CatRoot2
2009-12-15 21:56:12 ----SD---- F:\WINDOWS\Tasks
2009-12-15 21:55:20 ----D---- F:\Documents and Settings\AkumaHokoru\Application Data\Malwarebytes
2009-12-15 21:55:16 ----D---- F:\WINDOWS\system32\drivers
2009-12-15 21:51:42 ----D---- F:\Program Files\mIRC
2009-12-15 21:48:18 ----D---- F:\WINDOWS
2009-12-15 21:45:10 ----D---- F:\Program Files\Trillian
2009-12-15 21:33:06 ----D---- F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla
2009-12-15 21:30:14 ----A---- F:\WINDOWS\SchedLgU.Txt
2009-12-14 21:27:06 ----D---- F:\Program Files\JDownloader
2009-12-11 06:12:29 ----D---- F:\WINDOWS\system32
2009-12-11 06:00:15 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2009-12-11 03:41:40 ----HD---- F:\WINDOWS\inf
2009-12-11 03:41:38 ----RSHDC---- F:\WINDOWS\system32\dllcache
2009-12-11 03:41:31 ----A---- F:\WINDOWS\imsins.BAK
2009-12-11 03:41:00 ----HD---- F:\WINDOWS\$hf_mig$
2009-12-09 18:18:16 ----D---- F:\WINDOWS\system32\DirectX
2009-12-09 18:17:25 ----RSD---- F:\WINDOWS\assembly
2009-12-09 11:59:46 ----SHD---- F:\System Volume Information
2009-12-09 11:59:46 ----D---- F:\WINDOWS\system32\Restore
2009-12-09 11:59:06 ----D---- F:\WINDOWS\network diagnostic
2009-12-03 02:00:54 ----SD---- F:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-01 15:06:19 ----A---- F:\WINDOWS\system32\MRT.exe
2009-12-01 04:21:46 ----D---- F:\Program Files\Unlocker
2009-11-24 21:31:57 ----SHD---- F:\WINDOWS\Installer
2009-11-24 21:28:41 ----D---- F:\Program Files\Common Files
2009-11-22 04:29:04 ----D---- F:\Program Files\ReNamer
2009-11-20 04:16:52 ----D---- F:\WINDOWS\Microsoft.NET
2009-11-20 02:43:22 ----D---- F:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; F:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; F:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 nod32drv;nod32drv; F:\WINDOWS\system32\drivers\nod32drv.sys [2009-11-18 15424]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; F:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 AMON;AMON; F:\WINDOWS\system32\drivers\amon.sys [2009-11-18 512096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; F:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; F:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; F:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); F:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-05 4284928]
R3 MBAMProtector;MBAMProtector; \??\F:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; F:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; F:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; F:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 USBAAPL;Apple Mobile USB Driver; F:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
R3 usbccgp;Microsoft USB Generic Parent Driver; F:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; F:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; F:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; F:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ab1hklil;ab1hklil; F:\WINDOWS\system32\drivers\ab1hklil.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; F:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; F:\WINDOWS\system32\DRIVERS\xusb21.sys [2009-04-08 56448]
S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; F:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; F:\Program Files\Java\jre6\bin\jqs.exe [2009-11-18 153376]
R2 MBAMService;MBAMService; F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-03 276816]
R2 NOD32krn;NOD32 Kernel Service; F:\Program Files\Eset\nod32krn.exe [2009-11-18 552064]
R2 NVSvc;NVIDIA Display Driver Service; F:\WINDOWS\system32\nvsvc32.exe [2009-01-15 163908]
R3 iPod Service;iPod Service; F:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; F:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.06 2009-12-19 05:47:40

======Uninstall list======

-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
abgx360 v1.0.2-->"F:\Program Files\abgx360\uninstall.exe"
Adobe AIR-->f:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audiosurf-->"F:\Program Files\Steam\steam.exe" steam://uninstall/12900
AWC V3.0.7-->"F:\Program Files\AWC\unins000.exe"
BCDC++ 0.689ax-->"F:\Program Files\BCDC++\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CDisplay 1.8-->"F:\Program Files\CDisplay\unins000.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"F:\Program Files\Combined Community Codec Pack\unins000.exe"
Dragon Age: Origins-->F:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe
Garry's Mod-->"F:\Program Files\Steam\steam.exe" steam://uninstall/4000
GGPO-->MsiExec.exe /X{68BD9036-0952-4849-AE7A-963BB53EDB71}
High Definition Audio Driver Package - KB888111-->"F:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"F:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"F:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"F:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"F:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
ImgBurn-->"F:\Program Files\ImgBurn\uninstall.exe"
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
JDownloader-->F:\Program Files\JDownloader\uninstall.exe
JRAID-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Kings Bounty Armored Princess-->"F:\Program Files\1C Company\Kings Bounty Armored Princess\unins000.exe"
Left 4 Dead 2-->"F:\Program Files\Steam\steam.exe" steam://uninstall/550
Magic Online III-->F:\Program Files\InstallShield Installation Information\{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}\setup.exe -runfromtemp -l0x0009 -removeonly
Magic Workstation 0.94f-->"F:\Program Files\Magic Workstation\unins000.exe"
Malwarebytes' Anti-Malware-->"F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->F:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"F:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
mIRC-->F:\Program Files\mIRC\uninstall.exe _?=F:\Program Files\mIRC
Mozilla Firefox (3.5.6)-->F:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.42-->F:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MTG GamePack for Magic Workstation-->"F:\Program Files\Magic Workstation\unins001.exe"
NOD32 Antivirus System-->F:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1-->"F:\Program Files\Eset\unins000.exe"
NVIDIA Drivers-->F:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
Phantasy Star Online Blue Burst 1.0-->"F:\Program Files\Phantasy Star Online Blue Burst\unins000.exe"
QuickSFV (Remove only)-->F:\Program Files\QuickSFV\QSFVUNST.EXE F:\Program Files\QuickSFV\
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
ReNamer-->"F:\Program Files\ReNamer\unins000.exe"
Security Update for Windows Media Player (KB952069)-->"F:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"F:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"F:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"F:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"F:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"F:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->F:\WINDOWS\system32\MacroMed\Flash\genuinst.exe F:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB946648)-->"F:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"F:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"F:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"F:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"F:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"F:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"F:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"F:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"F:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"F:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"F:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"F:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"F:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"F:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"F:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"F:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"F:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"F:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"F:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"F:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"F:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"F:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"F:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"F:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"F:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"F:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"F:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"F:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"F:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"F:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"F:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"F:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"F:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"F:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"F:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"F:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"F:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"F:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"F:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"F:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"F:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"F:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"F:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"F:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"F:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"F:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"F:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Street Fighter IV-->"F:\Program Files\Steam\steam.exe" steam://uninstall/21660
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
Team Fortress 2-->"F:\Program Files\Steam\steam.exe" steam://uninstall/440
Trillian-->F:\Program Files\Trillian\trillian.exe /uninstall
Unlocker 1.8.7-->F:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951978)-->"F:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"F:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"F:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"F:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"F:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"F:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"F:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"F:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->F:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows XP Service Pack 3-->"F:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->F:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O24 - Desktop Component 0: (no name) - F:\WINDOWS\Web\Wallpaper\bleach.png [2009-12-15]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2009-12-15]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2009-12-15]

======Security center information======

AV: ESET NOD32 antivirus system 2.70 (outdated)

======System event log======

Computer Name: AKUMA
Event Code: 64008
Message: The protected system file f:\windows\system32\drivers\usbport.sys could not be verified as valid because Windows
File Protection is terminating.
Use the SFC utility to verify the integrity of the file at a later time.

Record Number: 99
Source Name: Windows File Protection
Time Written: 20091118081903.000000-300
Event Type: warning
User:

Computer Name: AKUMA
Event Code: 64008
Message: The protected system file f:\windows\system32\drivers\usbhub.sys could not be verified as valid because Windows
File Protection is terminating.
Use the SFC utility to verify the integrity of the file at a later time.

Record Number: 98
Source Name: Windows File Protection
Time Written: 20091118081903.000000-300
Event Type: warning
User:

Computer Name: AKUMA
Event Code: 64008
Message: The protected system file f:\windows\system32\usbui.dll could not be verified as valid because Windows
File Protection is terminating.
Use the SFC utility to verify the integrity of the file at a later time.

Record Number: 97
Source Name: Windows File Protection
Time Written: 20091118081903.000000-300
Event Type: warning
User:

Computer Name: MACHINENAME
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 5
Source Name: Cdrom
Time Written: 20091118005451.000000-300
Event Type: error
User:

Computer Name: MACHINENAME
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 4
Source Name: Cdrom
Time Written: 20091118005444.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: AKUMA
Event Code: 1000
Message: Faulting application shpsobb.exe, version 0.0.0.0, faulting module shpsobb.exe, version 0.0.0.0, fault address 0x00388fd2.

Record Number: 342
Source Name: Application Error
Time Written: 20091215033533.000000-300
Event Type: error
User:

Computer Name: AKUMA
Event Code: 1000
Message: Faulting application shpsobb.exe, version 0.0.0.0, faulting module shpsobb.exe, version 0.0.0.0, fault address 0x00388fd2.

Record Number: 340
Source Name: Application Error
Time Written: 20091215033522.000000-300
Event Type: error
User:

Computer Name: AKUMA
Event Code: 1002
Message: Hanging application AWC.exe, version 3.0.0.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 339
Source Name: Application Hang
Time Written: 20091215010209.000000-300
Event Type: error
User:

Computer Name: AKUMA
Event Code: 1002
Message: Hanging application AWC.exe, version 3.0.0.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 329
Source Name: Application Hang
Time Written: 20091211061439.000000-300
Event Type: error
User:

Computer Name: AKUMA
Event Code: 1002
Message: Hanging application AWC.exe, version 3.0.0.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 328
Source Name: Application Hang
Time Written: 20091211061330.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;F:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;F:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=F:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

peku006

2009-12-19, 12:18

Hi Mareg

1 - Download and Run ComboFix

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you
Please include the C:\ComboFix.txt in your next reply for further review.

2 - Status Check
Please reply with

1. the ComboFix log(C:\ComboFix.txt)

Thanks peku006

Mareg

2009-12-19, 21:40

combofix is offline. http://download.bleepingcomputer.com/sUBs/ComboFix.html

peku006

2009-12-20, 08:21

Hi Mareg

Thank you for your "combofix information" :bigthumb:

1 - Run Malwarebytes' Anti-Malware

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log
description of any problems you are having with your PC

Thanks peku006

Mareg

2009-12-23, 02:26

Malware bytes log

Malwarebytes' Anti-Malware 1.42
Database version: 3372
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/22/2009 7:58:52 PM
mbam-log-2009-12-22 (19-58-52).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 268773
Time elapsed: 1 hour(s), 0 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:29 PM, on 12/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\WINDOWS\system32\JMRaidTool.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\DAEMON Tools Lite\DTLite.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\System32\svchost.exe
F:\32788R22FWJFW\iexplore.exe
F:\Program Files\Eset\nod32krn.exe
F:\Program Files\mIRC\mirc.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
F:\Program Files\BCDC++\DCPlusPlus.exe
F:\Program Files\ESET\nod32kui.exe
F:\Program Files\Unlocker\UnlockerAssistant.exe
F:\Program Files\iTunes\iTunes.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\Trillian\trillian.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\AWC\AWC.exe
F:\Program Files\Windows Media Player\wmplayer.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] F:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Trillian.lnk = F:\Program Files\Trillian\trillian.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5482 bytes

The only problem I have is some searches on google get redirects when i click the link (i.e. googling malwarebytes and clicking the link to the malware bytes webpage redirects me to newserversearch.com.)

peku006

2009-12-23, 10:57

Mareg

2009-12-24, 02:11

Once again. Combofix does not work it is currently offline. I ran it and nothing happens.

peku006

2009-12-24, 10:04

Hi Mareg

Once again. Combofix does not work it is currently offline
Combofix is not offline ,I tried it a minute ago

I ran it and nothing happens.
How is this possible if it is "offline"

A guide and tutorial on using ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

Please include the C:\ComboFix.txt in your next reply

Thanks peku006

Mareg

2009-12-26, 23:25

the program loads and then it creates a folder on my system drive but the program itself never actually runs it used to send me to the link i posted before which you took as a joke and ignored. that would happen anytime i ran combofix since i first posted the thread. now after i click yes on the disclaimer it creates 2 folders and the blue box never comes up.

http://img20.imageshack.us/img20/6405/randomfolder.png

peku006

2009-12-27, 13:10

Hi Mareg

Download and run OTS

Download OTS (http://oldtimer.geekstogo.com/OTS.exe) by Oldtimer to your Desktop and double-click on it to extract the files.

NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessry).

Thanks peku006

Mareg

2009-12-27, 22:50

OTS logfile created on: 12/27/2009 4:42:08 PM - Run 1
OTS by OldTimer - Version 3.1.14.1 Folder = F:\Documents and Settings\AkumaHokoru\My Documents\INCOMING!!!
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 931.51 Gb Total Space | 633.39 Gb Free Space | 68.00% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 849.34 Gb Free Space | 91.18% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 499.90 Gb Free Space | 53.67% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 196.38 Gb Free Space | 42.16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 74.31 Gb Total Space | 40.72 Gb Free Space | 54.81% Space Free | Partition Type: FAT32
Drive I: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AKUMA
Current User Name: AkumaHokoru
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> F:\Documents and Settings\AkumaHokoru\My Documents\INCOMING!!!\OTS.exe -> [2009/12/27 16:31:10 | 00,599,040 | ---- | M] (OldTimer Tools)
mbamservice.exe -> F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2009/12/03 16:14:02 | 00,276,816 | ---- | M] (Malwarebytes Corporation)
nod32krn.exe -> F:\Program Files\ESET\nod32krn.exe -> [2009/11/18 19:00:56 | 00,552,064 | ---- | M] (Eset )
jqs.exe -> F:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/18 14:28:41 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> F:\Program Files\Java\jre6\bin\jusched.exe -> [2009/11/18 14:28:41 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
ituneshelper.exe -> F:\Program Files\iTunes\iTunesHelper.exe -> [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.)
ipodservice.exe -> F:\Program Files\iPod\bin\iPodService.exe -> [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.)
applemobiledeviceservice.exe -> F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.)
nvsvc32.exe -> F:\WINDOWS\system32\nvsvc32.exe -> [2009/01/15 08:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
mdnsresponder.exe -> F:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
explorer.exe -> F:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
rthdcpl.exe -> F:\WINDOWS\RTHDCPL.exe -> [2006/06/01 03:48:00 | 16,208,384 | R--- | M] (Realtek Semiconductor Corp.)
jmraidtool.exe -> F:\WINDOWS\system32\JMRaidTool.exe -> [2006/04/24 21:52:24 | 00,385,024 | R--- | M] (JMicron Technology Corp.)

[Modules - Safe List]
ots.exe -> F:\Documents and Settings\AkumaHokoru\My Documents\INCOMING!!!\OTS.exe -> [2009/12/27 16:31:10 | 00,599,040 | ---- | M] (OldTimer Tools)

[Win32 Services - Safe List]
(MBAMService) MBAMService [Auto | Running] -> F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2009/12/03 16:14:02 | 00,276,816 | ---- | M] (Malwarebytes Corporation)
(NOD32krn) NOD32 Kernel Service [Auto | Running] -> F:\Program Files\Eset\nod32krn.exe -> [2009/11/18 19:00:56 | 00,552,064 | ---- | M] (Eset )
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> F:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/18 14:28:41 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(iPod Service) iPod Service [On_Demand | Running] -> F:\Program Files\iPod\bin\iPodService.exe -> [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.)
(DAUpdaterSvc) Dragon Age: Origins - Content Updater [On_Demand | Stopped] -> F:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -> [2009/07/26 06:43:14 | 00,025,832 | ---- | M] (BioWare)
(NVSvc) NVIDIA Display Driver Service [Auto | Running] -> F:\WINDOWS\system32\nvsvc32.exe -> [2009/01/15 08:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(Bonjour Service) Bonjour Service [Auto | Running] -> F:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)

[Driver Services - Safe List]
(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> F:\WINDOWS\system32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
(AMON) AMON [Kernel | Auto | Running] -> F:\WINDOWS\system32\drivers\amon.sys -> [2009/11/18 19:00:57 | 00,512,096 | ---- | M] (Eset )
(nod32drv) nod32drv [Kernel | System | Running] -> F:\WINDOWS\system32\drivers\nod32drv.sys -> [2009/11/18 19:00:56 | 00,015,424 | ---- | M] ()
(sptd) sptd [Kernel | Boot | Running] -> F:\WINDOWS\System32\Drivers\sptd.sys -> [2009/11/18 14:09:36 | 00,691,696 | ---- | M] ()
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Running] -> F:\WINDOWS\system32\drivers\usbaapl.sys -> [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> F:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.)
(xusb21) Xbox 360 Wireless Receiver Driver Service 21 [Kernel | On_Demand | Stopped] -> F:\WINDOWS\system32\drivers\xusb21.sys -> [2009/04/08 14:29:52 | 00,056,448 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> F:\WINDOWS\system32\drivers\nv4_mini.sys -> [2009/01/15 08:19:00 | 06,301,248 | ---- | M] (NVIDIA Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> F:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> F:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> F:\WINDOWS\system32\drivers\RtkHDAud.Sys -> [2006/06/05 23:09:26 | 04,284,928 | R--- | M] (Realtek Semiconductor Corp.)
(JRAID) JRAID [Kernel | Boot | Running] -> F:\WINDOWS\system32\DRIVERS\jraid.sys -> [2006/05/19 03:16:14 | 00,042,880 | R--- | M] (JMicron Technology Corp.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> F:\WINDOWS\system32\drivers\ptilink.sys -> [2006/02/28 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> F:\WINDOWS\system32\drivers\Rtnicxp.sys -> [2006/02/26 16:46:20 | 00,081,408 | R--- | M] (Realtek Semiconductor Corporation )
(JGOGO) JMicron Hot-Plug Driver [Kernel | Boot | Running] -> F:\WINDOWS\system32\DRIVERS\JGOGO.sys -> [2006/02/07 06:52:58 | 00,006,912 | R--- | M] (JMicron )

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\] > -> ->
HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\: Main\\"Start Page" -> http://www.msn.com/ ->
HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\: SearchURL\\"provider" -> ->
HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\FireFox\Profiles\hi6oec7u.default\prefs.js ->
browser.startup.homepage -> "" ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->
extensions.enabledItems -> {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.6 ->
extensions.enabledItems -> {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.15 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components -> F:\Program Files\Mozilla Firefox\components [F:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/12/15 21:33:01 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins -> F:\Program Files\Mozilla Firefox\plugins [F:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/12/23 20:05:21 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\Extensions -> [2009/12/15 21:33:06 | 00,000,000 | ---D | M]
-> F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\Firefox\Profiles\9y85ykx7.default\extensions -> [2009/12/27 04:53:53 | 00,000,000 | ---D | M]
NoScript -> F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\Firefox\Profiles\9y85ykx7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2009/12/15 21:39:28 | 00,000,000 | ---D | M]
Password Exporter -> F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\Firefox\Profiles\9y85ykx7.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} -> [2009/12/15 21:41:39 | 00,000,000 | ---D | M]
Download Statusbar -> F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\Firefox\Profiles\9y85ykx7.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2009/12/15 21:54:04 | 00,000,000 | ---D | M]
-> F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\Firefox\Profiles\9y85ykx7.default\extensions\justintvpublisher@justin.tv -> [2009/12/22 19:47:41 | 00,000,000 | ---D | M]
-> F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\Firefox\Profiles\hi6oec7u.default\extensions -> [2009/11/18 04:04:56 | 00,000,000 | ---D | M]
NoScript -> F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\Firefox\Profiles\hi6oec7u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2009/11/18 04:04:50 | 00,000,000 | ---D | M]
FireFTP -> F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\Firefox\Profiles\hi6oec7u.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} -> [2009/11/18 04:04:50 | 00,000,000 | ---D | M]
Download Statusbar -> F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\Firefox\Profiles\hi6oec7u.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2009/11/18 04:04:53 | 00,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> F:\Program Files\Mozilla Firefox\extensions -> [2009/12/27 04:53:53 | 00,000,000 | ---D | M]
< HOSTS File > (734 bytes and 19 lines) -> F:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> F:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/11/18 14:28:41 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/11/18 14:28:43 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Alcmtr" -> F:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 05:43:28 | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"IMJPMIG8.1" -> F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2006/02/28 07:00:00 | 00,208,952 | ---- | M] (Microsoft Corporation)
"iTunesHelper" -> F:\Program Files\iTunes\iTunesHelper.exe ["F:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.)
"JMB36X Configure" -> F:\WINDOWS\System32\JMRaidTool.exe [F:\WINDOWS\system32\JMRaidTool.exe boot] -> [2006/04/24 21:52:24 | 00,385,024 | R--- | M] (JMicron Technology Corp.)
"Malwarebytes' Anti-Malware" -> F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ["F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2009/12/03 16:14:02 | 00,429,392 | ---- | M] (Malwarebytes Corporation)
"nod32kui" -> F:\Program Files\Eset\nod32kui.exe ["F:\Program Files\Eset\nod32kui.exe" /WAITSERVICE] -> [2009/11/18 19:00:57 | 00,949,376 | ---- | M] (Eset )
"NvCplDaemon" -> F:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2009/01/15 08:19:00 | 13,680,640 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> F:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2009/01/15 08:19:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" -> F:\WINDOWS\System32\nwiz.exe [nwiz.exe /install] -> [2009/01/15 08:19:00 | 01,657,376 | ---- | M] ()
"PHIME2002A" -> F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2006/02/28 07:00:00 | 00,455,168 | ---- | M] (Microsoft Corporation)
"PHIME2002ASync" -> F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [F:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> [2006/02/28 07:00:00 | 00,455,168 | ---- | M] (Microsoft Corporation)
"QuickTime Task" -> F:\Program Files\QuickTime\QTTask.exe ["F:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/09/05 01:54:42 | 00,417,792 | ---- | M] (Apple Inc.)
"RTHDCPL" -> F:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2006/06/01 03:48:00 | 16,208,384 | R--- | M] (Realtek Semiconductor Corp.)
"SkyTel" -> F:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2006/05/16 05:04:26 | 02,879,488 | R--- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> F:\Program Files\Java\jre6\bin\jusched.exe ["F:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/11/18 14:28:41 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"UnlockerAssistant" -> F:\Program Files\Unlocker\UnlockerAssistant.exe ["F:\Program Files\Unlocker\UnlockerAssistant.exe"] -> [2008/05/01 23:15:46 | 00,015,872 | ---- | M] ()
< Run [HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\] > -> HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DAEMON Tools Lite" -> F:\Program Files\DAEMON Tools Lite\DTLite.exe ["F:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun] -> [2009/10/30 06:57:08 | 00,369,200 | ---- | M] (DT Soft Ltd)
< AkumaHokoru Startup Folder > -> F:\Documents and Settings\AkumaHokoru\Start Menu\Programs\Startup ->
F:\Documents and Settings\AkumaHokoru\Start Menu\Programs\Startup\Trillian.lnk -> F:\Program Files\Trillian\trillian.exe -> [2008/06/13 13:13:12 | 01,462,144 | ---- | M] (Cerulean Studios)
< All Users Startup Folder > -> F:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> F:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003] > -> HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003] > -> HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\] > -> HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\] > -> HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-842925246-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{CF8A9FDD-23D6-4082-8FE0-4348FE6A9B93}\\DhcpNameServer -> 192.168.0.1 (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> F:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> F:\Program Files\Windows Live\Messenger\wlcsdk.exe [F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"F:\Program Files\Bonjour\mDNSResponder.exe" -> F:\Program Files\Bonjour\mDNSResponder.exe [F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"F:\Program Files\Dragon Age\bin_ship\daorigins.exe" -> F:\Program Files\Dragon Age\bin_ship\daorigins.exe [F:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game] -> [2009/10/27 01:07:30 | 09,909,480 | ---- | M] (BioWare)
"F:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" -> F:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe [F:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater] -> [2009/07/26 06:43:14 | 00,025,832 | ---- | M] (BioWare)
"F:\Program Files\Dragon Age\DAOriginsLauncher.exe" -> F:\Program Files\Dragon Age\DAOriginsLauncher.exe [F:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher] -> [2009/08/10 10:59:08 | 01,246,440 | ---- | M] (BioWare)
"F:\Program Files\iTunes\iTunes.exe" -> F:\Program Files\iTunes\iTunes.exe [F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/10/28 20:21:22 | 10,358,048 | ---- | M] (Apple Inc.)
"F:\Program Files\Skype\Phone\Skype.exe" -> F:\Program Files\Skype\Phone\Skype.exe [F:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.)
"F:\Program Files\Steam\Steam.exe" -> F:\Program Files\Steam\Steam.exe [F:\Program Files\Steam\Steam.exe:*:Enabled:Steam] -> [2009/11/18 06:46:22 | 01,217,808 | ---- | M] (Valve Corporation)
"F:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" -> F:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe [F:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2] -> [2009/11/18 09:59:48 | 00,385,024 | ---- | M] ()
"F:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe" -> F:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe [F:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe:*:Enabled:Street Fighter IV] -> [2009/11/18 09:06:03 | 01,970,176 | ---- | M] (CAPCOM U.S.A., INC.)
"F:\Program Files\uTorrent\uTorrent.exe" -> F:\Program Files\uTorrent\uTorrent.exe [F:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/12/15 13:18:02 | 00,289,584 | ---- | M] (BitTorrent, Inc.)
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> F:\Program Files\Windows Live\Messenger\wlcsdk.exe [F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/11/18 06:10:03 | 00,000,000 | ---- | M] ()
I:\autorun.exe [MZ | ] -> I:\autorun.exe [ CDFS ] -> [2009/07/16 17:13:07 | 01,246,440 | R--- | M] (BioWare)
I:\autorun.inf [[autorun] | OPEN=autorun.exe -auto | ICON=data\autorun.ico | ] -> I:\autorun.inf [ CDFS ] -> [2009/04/13 22:17:18 | 00,000,058 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{f39df11a-d494-11de-be78-0019213afbc3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f39df11a-d494-11de-be78-0019213afbc3}\Shell
\{f39df11a-d494-11de-be78-0019213afbc3}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f39df11a-d494-11de-be78-0019213afbc3}\Shell\AutoRun
\{f39df11a-d494-11de-be78-0019213afbc3}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f39df11a-d494-11de-be78-0019213afbc3}\Shell\AutoRun\command
\{f39df11a-d494-11de-be78-0019213afbc3}\Shell\AutoRun\command\\"" -> I:\autorun.exe [I:\autorun.exe -auto] -> [2009/07/16 17:13:07 | 01,246,440 | R--- | M] (BioWare)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->

[Files/Folders - Created Within 30 Days]
Identities -> F:\Documents and Settings\AkumaHokoru\Local Settings\Application Data\Identities -> [2009/12/27 16:05:08 | 00,000,000 | ---D | C]
Help -> F:\Documents and Settings\AkumaHokoru\Local Settings\Application Data\Help -> [2009/12/26 02:26:04 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> F:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/23 21:40:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> F:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/23 21:40:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Adobe -> F:\WINDOWS\System32\Adobe -> [2009/12/22 21:11:00 | 00,000,000 | ---D | C]
d3dx10_42.dll -> F:\WINDOWS\System32\d3dx10_42.dll -> [2009/12/20 22:19:53 | 00,453,456 | ---- | C] (Microsoft Corporation)
D3DX9_42.dll -> F:\WINDOWS\System32\D3DX9_42.dll -> [2009/12/20 22:19:51 | 01,892,184 | ---- | C] (Microsoft Corporation)
CAPCOM -> F:\Documents and Settings\AkumaHokoru\Local Settings\Application Data\CAPCOM -> [2009/12/20 22:19:33 | 00,000,000 | ---D | C]
xlive -> F:\WINDOWS\System32\xlive -> [2009/12/20 22:16:08 | 00,000,000 | ---D | C]
Microsoft Games for Windows - LIVE -> F:\Program Files\Microsoft Games for Windows - LIVE -> [2009/12/20 22:16:08 | 00,000,000 | ---D | C]
Schtserv PsoBB -> F:\Program Files\Schtserv PsoBB -> [2009/12/18 14:39:57 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> F:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/15 21:55:13 | 00,000,000 | ---D | C]
Downloads -> F:\Documents and Settings\AkumaHokoru\My Documents\Downloads -> [2009/12/15 21:50:57 | 00,000,000 | ---D | C]
ERDNT -> F:\WINDOWS\ERDNT -> [2009/12/15 21:46:30 | 00,000,000 | ---D | C]
Trend Micro -> F:\Program Files\Trend Micro -> [2009/12/15 20:07:15 | 00,000,000 | ---D | C]
abgx360 -> F:\Documents and Settings\AkumaHokoru\Application Data\abgx360 -> [2009/12/14 23:47:27 | 00,000,000 | ---D | C]
MSCOMCTL.OCX -> F:\WINDOWS\System32\MSCOMCTL.OCX -> [2009/12/11 06:10:34 | 01,066,176 | ---- | C] (Microsoft Corporation)
AWC -> F:\Program Files\AWC -> [2009/12/11 06:07:18 | 00,000,000 | ---D | C]
My Games -> F:\Documents and Settings\AkumaHokoru\My Documents\My Games -> [2009/12/09 18:22:08 | 00,000,000 | ---D | C]
D3DCompiler_41.dll -> F:\WINDOWS\System32\D3DCompiler_41.dll -> [2009/12/09 18:18:14 | 01,846,632 | ---- | C] (Microsoft Corporation)
d3dx10_41.dll -> F:\WINDOWS\System32\d3dx10_41.dll -> [2009/12/09 18:18:14 | 00,453,456 | ---- | C] (Microsoft Corporation)
D3DX9_41.dll -> F:\WINDOWS\System32\D3DX9_41.dll -> [2009/12/09 18:18:12 | 04,178,264 | ---- | C] (Microsoft Corporation)
XAudio2_4.dll -> F:\WINDOWS\System32\XAudio2_4.dll -> [2009/12/09 18:18:11 | 00,517,448 | ---- | C] (Microsoft Corporation)
XAPOFX1_3.dll -> F:\WINDOWS\System32\XAPOFX1_3.dll -> [2009/12/09 18:18:11 | 00,069,448 | ---- | C] (Microsoft Corporation)
xactengine3_4.dll -> F:\WINDOWS\System32\xactengine3_4.dll -> [2009/12/09 18:18:09 | 00,235,352 | ---- | C] (Microsoft Corporation)
X3DAudio1_6.dll -> F:\WINDOWS\System32\X3DAudio1_6.dll -> [2009/12/09 18:18:08 | 00,022,360 | ---- | C] (Microsoft Corporation)
D3DCompiler_40.dll -> F:\WINDOWS\System32\D3DCompiler_40.dll -> [2009/12/09 18:18:07 | 02,036,576 | ---- | C] (Microsoft Corporation)
d3dx10_40.dll -> F:\WINDOWS\System32\d3dx10_40.dll -> [2009/12/09 18:18:07 | 00,452,440 | ---- | C] (Microsoft Corporation)
D3DX9_40.dll -> F:\WINDOWS\System32\D3DX9_40.dll -> [2009/12/09 18:18:05 | 04,379,984 | ---- | C] (Microsoft Corporation)
XAudio2_3.dll -> F:\WINDOWS\System32\XAudio2_3.dll -> [2009/12/09 18:18:04 | 00,514,384 | ---- | C] (Microsoft Corporation)
XAPOFX1_2.dll -> F:\WINDOWS\System32\XAPOFX1_2.dll -> [2009/12/09 18:18:04 | 00,070,992 | ---- | C] (Microsoft Corporation)
xactengine3_3.dll -> F:\WINDOWS\System32\xactengine3_3.dll -> [2009/12/09 18:18:03 | 00,235,856 | ---- | C] (Microsoft Corporation)
X3DAudio1_5.dll -> F:\WINDOWS\System32\X3DAudio1_5.dll -> [2009/12/09 18:18:01 | 00,023,376 | ---- | C] (Microsoft Corporation)
XAudio2_2.dll -> F:\WINDOWS\System32\XAudio2_2.dll -> [2009/12/09 18:18:00 | 00,509,448 | ---- | C] (Microsoft Corporation)
XAPOFX1_1.dll -> F:\WINDOWS\System32\XAPOFX1_1.dll -> [2009/12/09 18:18:00 | 00,068,616 | ---- | C] (Microsoft Corporation)
xactengine3_2.dll -> F:\WINDOWS\System32\xactengine3_2.dll -> [2009/12/09 18:17:59 | 00,238,088 | ---- | C] (Microsoft Corporation)
D3DCompiler_39.dll -> F:\WINDOWS\System32\D3DCompiler_39.dll -> [2009/12/09 18:17:57 | 01,493,528 | ---- | C] (Microsoft Corporation)
d3dx10_39.dll -> F:\WINDOWS\System32\d3dx10_39.dll -> [2009/12/09 18:17:57 | 00,467,984 | ---- | C] (Microsoft Corporation)
D3DX9_39.dll -> F:\WINDOWS\System32\D3DX9_39.dll -> [2009/12/09 18:17:56 | 03,851,784 | ---- | C] (Microsoft Corporation)
XAudio2_1.dll -> F:\WINDOWS\System32\XAudio2_1.dll -> [2009/12/09 18:17:54 | 00,507,400 | ---- | C] (Microsoft Corporation)
XAPOFX1_0.dll -> F:\WINDOWS\System32\XAPOFX1_0.dll -> [2009/12/09 18:17:54 | 00,065,032 | ---- | C] (Microsoft Corporation)
xactengine3_1.dll -> F:\WINDOWS\System32\xactengine3_1.dll -> [2009/12/09 18:17:53 | 00,238,088 | ---- | C] (Microsoft Corporation)
X3DAudio1_4.dll -> F:\WINDOWS\System32\X3DAudio1_4.dll -> [2009/12/09 18:17:52 | 00,025,608 | ---- | C] (Microsoft Corporation)
D3DCompiler_38.dll -> F:\WINDOWS\System32\D3DCompiler_38.dll -> [2009/12/09 18:17:51 | 01,491,992 | ---- | C] (Microsoft Corporation)
d3dx10_38.dll -> F:\WINDOWS\System32\d3dx10_38.dll -> [2009/12/09 18:17:50 | 00,467,984 | ---- | C] (Microsoft Corporation)
D3DX9_38.dll -> F:\WINDOWS\System32\D3DX9_38.dll -> [2009/12/09 18:17:49 | 03,850,760 | ---- | C] (Microsoft Corporation)
XAudio2_0.dll -> F:\WINDOWS\System32\XAudio2_0.dll -> [2009/12/09 18:17:48 | 00,479,752 | ---- | C] (Microsoft Corporation)
xactengine3_0.dll -> F:\WINDOWS\System32\xactengine3_0.dll -> [2009/12/09 18:17:47 | 00,238,088 | ---- | C] (Microsoft Corporation)
X3DAudio1_3.dll -> F:\WINDOWS\System32\X3DAudio1_3.dll -> [2009/12/09 18:17:46 | 00,025,608 | ---- | C] (Microsoft Corporation)
D3DCompiler_37.dll -> F:\WINDOWS\System32\D3DCompiler_37.dll -> [2009/12/09 18:17:45 | 01,420,824 | ---- | C] (Microsoft Corporation)
d3dx10_37.dll -> F:\WINDOWS\System32\d3dx10_37.dll -> [2009/12/09 18:17:45 | 00,462,864 | ---- | C] (Microsoft Corporation)
D3DX9_37.dll -> F:\WINDOWS\System32\D3DX9_37.dll -> [2009/12/09 18:17:43 | 03,786,760 | ---- | C] (Microsoft Corporation)
Logs -> F:\WINDOWS\Logs -> [2009/12/09 18:16:38 | 00,000,000 | ---D | C]
1C Company -> F:\Program Files\1C Company -> [2009/12/09 18:05:15 | 00,000,000 | ---D | C]
NOS -> F:\Documents and Settings\All Users\Application Data\NOS -> [2009/12/09 17:27:27 | 00,000,000 | ---D | C]
Malwarebytes -> F:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/12/09 10:24:25 | 00,000,000 | ---D | C]
UserData -> F:\Documents and Settings\AkumaHokoru\UserData -> [2009/12/09 06:05:12 | 00,000,000 | --SD | C]
VirtualDub-1.9.7 -> F:\Program Files\VirtualDub-1.9.7 -> [2009/11/30 03:22:52 | 00,000,000 | ---D | C]
Apple -> F:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2009/11/23 09:30:01 | 00,000,000 | ---D | M]
Microsoft -> F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/11/18 18:23:18 | 00,000,000 | ---D | M]
Microsoft -> F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/11/18 06:12:53 | 00,000,000 | ---D | M]
Microsoft -> F:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/11/18 06:09:59 | 00,000,000 | --SD | M]
Microsoft -> F:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/11/18 06:09:59 | 00,000,000 | --SD | M]
5 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp ->
1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp ->

[Files/Folders - Modified Within 30 Days]
nvapps.xml -> F:\WINDOWS\System32\nvapps.xml -> [2009/12/23 23:11:01 | 00,206,530 | ---- | M] ()
wpa.dbl -> F:\WINDOWS\System32\wpa.dbl -> [2009/12/23 23:11:00 | 00,013,704 | ---- | M] ()
SA.DAT -> F:\WINDOWS\tasks\SA.DAT -> [2009/12/23 23:10:43 | 00,000,006 | -H-- | M] ()
emscavou.job -> F:\WINDOWS\tasks\emscavou.job -> [2009/12/23 23:10:42 | 00,000,322 | -HS- | M] ()
bootstat.dat -> F:\WINDOWS\bootstat.dat -> [2009/12/23 23:10:41 | 00,002,048 | --S- | M] ()
NTUSER.DAT -> F:\Documents and Settings\AkumaHokoru\NTUSER.DAT -> [2009/12/23 23:09:38 | 04,456,448 | -H-- | M] ()
Mozilla Firefox.lnk -> F:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2009/12/22 21:10:16 | 00,001,606 | ---- | M] ()
AppleSoftwareUpdate.job -> F:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/12/21 09:30:01 | 00,000,284 | ---- | M] ()
_online.exe -> F:\Documents and Settings\AkumaHokoru\_online.exe -> [2009/12/19 15:26:14 | 01,530,368 | ---- | M] ()
MSCOMCTL.OCX -> F:\WINDOWS\System32\MSCOMCTL.OCX -> [2009/12/11 06:10:37 | 01,066,176 | ---- | M] (Microsoft Corporation)
PerfStringBackup.INI -> F:\WINDOWS\System32\PerfStringBackup.INI -> [2009/12/11 06:00:15 | 00,509,942 | ---- | M] ()
perfh009.dat -> F:\WINDOWS\System32\perfh009.dat -> [2009/12/11 06:00:15 | 00,433,324 | ---- | M] ()
perfc009.dat -> F:\WINDOWS\System32\perfc009.dat -> [2009/12/11 06:00:15 | 00,067,836 | ---- | M] ()
imsins.BAK -> F:\WINDOWS\imsins.BAK -> [2009/12/11 03:41:31 | 00,001,393 | ---- | M] ()
regwizx.dll -> F:\WINDOWS\System32\regwizx.dll -> [2009/12/09 03:51:01 | 00,108,032 | RHS- | M] ()
mlfcache.dat -> F:\WINDOWS\System32\mlfcache.dat -> [2009/12/05 22:01:39 | 00,021,220 | -H-- | M] ()
mbamswissarmy.sys -> F:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> F:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
58 F:\Documents and Settings\AkumaHokoru\Local Settings\Temp\*.tmp files -> F:\Documents and Settings\AkumaHokoru\Local Settings\Temp\*.tmp ->
58 F:\Documents and Settings\AkumaHokoru\Local Settings\Temp\*.tmp files -> F:\Documents and Settings\AkumaHokoru\Local Settings\Temp\*.tmp ->
58 F:\Documents and Settings\AkumaHokoru\Local Settings\Temp\*.tmp files -> F:\Documents and Settings\AkumaHokoru\Local Settings\Temp\*.tmp ->
5 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp ->
3 F:\WINDOWS\Temp\*.tmp files -> F:\WINDOWS\Temp\*.tmp ->
1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp ->

[Files - No Company Name]
Mozilla Firefox.lnk -> F:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2009/12/22 21:10:15 | 00,001,606 | ---- | C] ()
_online.exe -> F:\Documents and Settings\AkumaHokoru\_online.exe -> [2009/12/18 14:53:39 | 01,530,368 | ---- | C] ()
regwizx.dll -> F:\WINDOWS\System32\regwizx.dll -> [2009/12/09 03:51:01 | 00,108,032 | RHS- | C] ()
emscavou.job -> F:\WINDOWS\tasks\emscavou.job -> [2009/12/09 03:51:01 | 00,000,322 | -HS- | C] ()
mlfcache.dat -> F:\WINDOWS\System32\mlfcache.dat -> [2009/12/05 22:01:39 | 00,021,220 | -H-- | C] ()
nod32drv.sys -> F:\WINDOWS\System32\drivers\nod32drv.sys -> [2009/11/18 18:27:18 | 00,015,424 | ---- | C] ()
sptd.sys -> F:\WINDOWS\System32\drivers\sptd.sys -> [2009/11/18 14:09:35 | 00,691,696 | ---- | C] ()
RtlCPAPI.dll -> F:\WINDOWS\System32\RtlCPAPI.dll -> [2009/11/18 08:22:07 | 00,135,168 | R--- | C] ()
xlive.dll.cat -> F:\WINDOWS\System32\xlive.dll.cat -> [2009/11/06 10:58:04 | 00,178,975 | ---- | C] ()
nvwdmcpl.dll -> F:\WINDOWS\System32\nvwdmcpl.dll -> [2009/01/15 08:19:00 | 01,724,416 | ---- | C] ()
nview.dll -> F:\WINDOWS\System32\nview.dll -> [2009/01/15 08:19:00 | 01,507,328 | ---- | C] ()
nvwimg.dll -> F:\WINDOWS\System32\nvwimg.dll -> [2009/01/15 08:19:00 | 01,101,824 | ---- | C] ()
nvshell.dll -> F:\WINDOWS\System32\nvshell.dll -> [2009/01/15 08:19:00 | 00,466,944 | ---- | C] ()
physxcudart_20.dll -> F:\WINDOWS\System32\physxcudart_20.dll -> [2008/10/07 09:13:30 | 00,197,912 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> F:\WINDOWS\System32\AgCPanelTraditionalChinese.dll -> [2008/10/07 09:13:22 | 00,058,648 | ---- | C] ()
AgCPanelSwedish.dll -> F:\WINDOWS\System32\AgCPanelSwedish.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelSpanish.dll -> F:\WINDOWS\System32\AgCPanelSpanish.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> F:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelPortugese.dll -> F:\WINDOWS\System32\AgCPanelPortugese.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelKorean.dll -> F:\WINDOWS\System32\AgCPanelKorean.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelJapanese.dll -> F:\WINDOWS\System32\AgCPanelJapanese.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelGerman.dll -> F:\WINDOWS\System32\AgCPanelGerman.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
AgCPanelFrench.dll -> F:\WINDOWS\System32\AgCPanelFrench.dll -> [2008/10/07 09:13:20 | 00,058,648 | ---- | C] ()
GlobalUserInterface.CompositeFont -> F:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 00,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> F:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 00,026,489 | ---- | C] ()
GlobalSerif.CompositeFont -> F:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 00,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> F:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 00,026,040 | ---- | C] ()
< End of report >

peku006

2009-12-28, 10:28

Hi Mareg

Please download GooredFix.exe (http://jpshortstuff.247fixes.com/GooredFix.exe)...by jpshortstuff.
Save it to your desktop... Alternate Site (http://downloads.securitycadets.com/GooredFix.exe).
Ensure all Firefox windows are closed.
Double-click GooredFix.exe to run it.
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log file will open... named "GooredFix.txt".
Please copy and paste the contents of the GooredFix.txt file in your next reply.

Thanks peku006

Mareg

2009-12-30, 20:11

GooredFix by jpshortstuff (28.12.09.1)
Log created at 14:09 on 30/12/2009 (AkumaHokoru)
Firefox version 3.5.6 (en-US)

========== GooredScan ==========

========== GooredLog ==========

F:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:32 16/12/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [19:28 18/11/2009]

F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\Firefox\Profiles\9y85ykx7.default\extensions\
justintvpublisher@justin.tv [00:47 23/12/2009]
{20a82645-c095-46ed-80e3-08825760534b} [02:39 16/12/2009]
{73a6fe31-595d-460b-a920-fcc0f8843232} [02:39 16/12/2009]
{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [02:41 16/12/2009]
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [02:54 16/12/2009]

F:\Documents and Settings\AkumaHokoru\Application Data\Mozilla\Firefox\Profiles\hi6oec7u.default\extensions\
{73a6fe31-595d-460b-a920-fcc0f8843232} [09:04 18/11/2009]
{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [09:04 18/11/2009]
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [09:04 18/11/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="F:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:28 18/11/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:02 19/11/2009]

-=E.O.F=-

peku006

2009-12-31, 07:53

Hi Mareg

Download RootRepeal from the following location and save it to your desktop.

Link 1 (http://rootrepeal.googlepages.com/RootRepeal.zip)
Link 2 (http://ad13.geekstogo.com/RootRepeal.zip)
Link 3 (http://rootrepeal.psikotick.com/RootRepeal.zip)

Unzip it to your Desktop
Double click RootRepeal.exe to start the program
Click on the Report tab at the bottom of the program window
Click the Scan button
In the Select Scan dialog, check:

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT

Click the OK button
Check the box for your main system drive (Usually C:), and Click OK to start the scan

The scan can take some time. DO NOT run any other programs while the scan is running

When the scan is complete, the Save Report button will become available
Click this and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program

Thanks peku006

peku006

2010-01-05, 10:41

Due to a lack of response, this topic is now closed

If you still require help, please open a new thread in the Malware Removal forum (http://forums.spybot.info/forumdisplay.php?f=22), include a
fresh HijackThis log, and wait for a new helper.

Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)