help with the always fun trojan.gen

**MIZCHIFMKR** · 2011-07-30, 04:11

Thank you ahead of time for any help given.
ive seen some threads regarding this however they say its usually user specific so here is mine.
I did run an erunt backup
i am currently running windows xp64 and when i try to run dds it says that it is not supported so i cannot post it.
I just installed avast and received a virus detected notice that is basically is continually being detected, by that i mean avast is continually notifying me of this detection (pretty annoying after a while lol).
the info i am getting is the following
folder and file name:
C:\WINDOWS\WindowsUpdate\update.exe
size of file:
594432
virus description:
win32:trojan-gen

could it just be a false positive?
any help would be greatly appreciated. thank you so much!

**shelf life** · 2011-08-03, 22:49

Its malware. If you havent yet download and run malwarebytes and post its log:

lease download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.

**MIZCHIFMKR** · 2011-08-04, 00:25

Thank you. I will do that tonight. I actually did run malwarebytes and avast isnt freaking out anymore like it was before. however i just realized i didnt do a follow up scan to make sure its no longer there. I will do it tonight and post the log. thank you for your help!

**MIZCHIFMKR** · 2011-08-05, 23:19

I reran malwarebytes and it looks like i have a clean bill of health. thank you for your help. sorry i thought it would be more difficult than that the way it was popping up on my system

heres my log info:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7323

Windows 5.2.3790 Service Pack 2
Internet Explorer 8.0.6001.18702

8/5/2011 5:17:00 PM
mbam-log-2011-08-05 (17-17-00).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 279299
Time elapsed: 18 hour(s), 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**MIZCHIFMKR** · 2011-08-05, 23:29

oops hit send instead of preview. thank you for your help!

**shelf life** · 2011-08-06, 01:17

That log cant look any better. Not sure if DDS will run on a 64bit OS. Try this instead:

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)in your reply.

**MIZCHIFMKR** · 2011-08-06, 04:46

ok its alot tho lol.

here is the log.txt

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-08-05 22:07:20
Microsoft(R) Windows(R) XP Professional x64 Edition Service Pack 2
System drive C: has 7 GB (19%) free of 35 GB
Total RAM: 8191 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:27 PM, on 8/5/2011
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
D:\World of Warcraft\WoW.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
F2 - REG:system.ini: UserInit=userinit,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME (x86)\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [LUXEED] "C:\Program Files (x86)\luxeed\luxeed.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LUXEED] C:\Program Files (x86)\luxeed\luxeed.exe
O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3734080060-994348802-1422985257-1003\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NETGEAR WNDA3100v2 Smart Wizard.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1274762643781
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6550D47-C30B-43F1-9D3A-E22BCE366F6D}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)
O23 - Service: WSWNDA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

--
End of file - 10761 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3734080060-994348802-1422985257-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3734080060-994348802-1422985257-500UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4uufx9uj.default

prefs.js - "browser.startup.homepage" - "http://www.google.com/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908, {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, jqs@sun.com:1.0, compatibility@addons.mozilla.org:0.8, testpilot@labs.mozilla.com:1.0.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=D:\Program Files\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4]
"Description"=Office Live Update v1.4
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
libvlc.dll
npContribute.dll
npdeployJava1.dll
NPOFF12.DLL
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npvlc.dll
QuickTimePlugin.class
vlcintf.xpt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4uufx9uj.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4uufx9uj.default\searchplugins\
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-07-04 820864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME (x86)\imjp8_1\IMJPMIG.EXE [2007-02-18 107520]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2005-03-25 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2005-03-25 455168]
"RemoteControl9"=C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]
"PDVD9LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2009-11-19 75048]
"InstantBurn"=C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [2007-06-04 599600]
"googletalk"=C:\Program Files (x86)\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"LUXEED"=C:\Program Files (x86)\luxeed\luxeed.exe [2010-04-11 2519040]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"IJNetworkScanUtility"=C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2010-08-24 206240]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-07-04 3493720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2005-03-25 15360]
"Power2GoExpress"= []
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-10 136176]
"LUXEED"=C:\Program Files (x86)\luxeed\luxeed.exe [2010-04-11 2519040]
"OpenDNS Updater"=C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [2010-06-16 839680]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-08-03 5464448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
NETGEAR WNDA3100v2 Smart Wizard.lnk - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
Windows Search.lnk - C:\Program Files (x86)\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\EFS]
C:\WINDOWS\system32\sclgntfy.dll [2005-03-25 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=lsass.exe []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWinKeys"=0x01000000
"NoSharedDocuments"=0x01000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe"="C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"D:\World of Warcraft\Launcher.exe"="D:\World of Warcraft\Launcher.exe:*:Enabled:Launcher.exe"
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files (x86)\Windows Live\Messenger\livecall.exe"="C:\Program Files (x86)\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"J:\Files\World of Warcraft\Launcher.exe"="J:\Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files (x86)\Google\Google Talk\googletalk.exe"="C:\Program Files (x86)\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"D:\World of Warcraft\Launcher.patch.exe"="D:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"="C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files (x86)\BitTorrent\BitTorrent.exe"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"D:\StarCraft II\StarCraft II.exe"="D:\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files (x86)\Windows Live\Messenger\livecall.exe"="C:\Program Files (x86)\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iv50"=C:\WINDOWS\SysWOW64\ir50_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.l3acm"=C:\WINDOWS\SysWOW64\l3codeca.acm
"msacm.clmp3enc"=C:\PROGRA~2\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.siren"=sirenacm.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsvid.dll

======List of files/folders created in the last 3 months======

2011-08-05 22:07:21 ----D---- C:\Program Files (x86)\trend micro
2011-08-05 22:07:20 ----D---- C:\rsit
2011-07-29 22:17:06 ----D---- C:\Documents and Settings\Administrator\Application Data\Regensoft
2011-07-29 21:58:39 ----D---- C:\Program Files (x86)\ERUNT
2011-07-29 21:20:37 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2011-07-29 21:20:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-07-29 21:20:14 ----A---- C:\WINDOWS\SysWOW64\drivers\mbamswissarmy.sys
2011-07-29 21:20:11 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-29 21:12:21 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-29 21:12:21 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-07-29 21:12:17 ----D---- C:\Documents and Settings\All Users\Application Data\!SASCORE
2011-07-29 21:05:00 ----A---- C:\WINDOWS\SysWOW64\aswBoot.exe
2011-07-29 21:05:00 ----A---- C:\WINDOWS\avastSS.scr
2011-07-29 21:04:53 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-07-29 20:23:55 ----D---- C:\Documents and Settings\Administrator\Application Data\OpenDNS Updater
2011-07-29 20:23:54 ----D---- C:\Program Files (x86)\OpenDNS Updater
2011-07-27 18:53:55 ----D---- C:\Program Files (x86)\BitTorrent
2011-07-27 18:53:00 ----D---- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2011-07-14 17:09:51 ----D---- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
2011-07-14 17:09:50 ----D---- C:\Program Files (x86)\Canon
2011-07-14 17:09:46 ----A---- C:\WINDOWS\SysWOW64\CNC5200L.dll
2011-07-14 17:09:45 ----A---- C:\WINDOWS\SysWOW64\CNHMCA.dll
2011-07-14 17:09:45 ----A---- C:\WINDOWS\SysWOW64\CNC5200U.dll
2011-07-14 17:09:30 ----A---- C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2011-07-14 17:09:20 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2011-07-13 16:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-13 16:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-11 20:40:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2492386$
2011-07-11 20:16:25 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2011-07-11 20:15:58 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-07-11 20:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2525694$
2011-07-11 20:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-07-11 20:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-07-11 20:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-07-11 20:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-07-11 20:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-07-11 20:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-07-11 20:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-07-11 19:47:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-07-11 19:47:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-07-11 19:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-07-11 19:47:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-07-11 19:47:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-07-11 18:48:46 ----D---- C:\Program Files (x86)\luxeed
2011-07-11 18:42:17 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-11 18:11:14 ----D---- C:\Program Files (x86)\Common Files\Java
2011-07-11 18:11:01 ----A---- C:\WINDOWS\SysWOW64\javaws.exe
2011-07-11 18:11:01 ----A---- C:\WINDOWS\SysWOW64\javaw.exe
2011-07-11 18:11:01 ----A---- C:\WINDOWS\SysWOW64\java.exe
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\wininet.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\urlmon.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\mshtml.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\msfeeds.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\iertutil.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\iepeers.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\ieframe.dll
2011-05-21 06:01:00 ----A---- C:\WINDOWS\SysWOW64\nvapi.dll

======List of files/folders modified in the last 3 months======

2011-08-05 22:07:21 ----RD---- C:\Program Files (x86)
2011-08-05 22:07:04 ----D---- C:\WINDOWS\Prefetch
2011-08-05 21:29:29 ----D---- C:\WINDOWS\Temp
2011-08-04 14:19:26 ----D---- C:\WINDOWS\system32
2011-08-04 13:18:24 ----D---- C:\Program Files (x86)\Common Files\Akamai
2011-08-03 19:53:22 ----D---- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2011-08-03 19:53:22 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2011-07-30 00:24:24 ----RSHD---- C:\WINDOWS\WindowsUpdate
2011-07-29 22:16:02 ----D---- C:\WINDOWS
2011-07-29 21:20:14 ----D---- C:\WINDOWS\SysWOW64\Drivers
2011-07-29 21:12:15 ----RD---- C:\Program Files
2011-07-29 21:05:09 ----D---- C:\WINDOWS\SysWOW64
2011-07-29 21:05:07 ----SHD---- C:\WINDOWS\Installer
2011-07-29 21:05:04 ----D---- C:\WINDOWS\WinSxS
2011-07-28 12:33:18 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2011-07-27 19:21:56 ----SD---- C:\WINDOWS\Tasks
2011-07-27 19:21:55 ----D---- C:\Program Files (x86)\Common Files\Adobe
2011-07-27 19:21:48 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-07-27 19:21:08 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2011-07-27 19:20:38 ----D---- C:\Program Files (x86)\Adobe
2011-07-27 19:00:44 ----D---- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
2011-07-27 18:40:01 ----HD---- C:\WINDOWS\inf
2011-07-26 13:01:06 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-07-14 17:09:50 ----D---- C:\WINDOWS\twain_32
2011-07-14 17:09:48 ----D---- C:\WINDOWS\Media
2011-07-13 16:53:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-07-13 16:53:23 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-13 16:53:06 ----A---- C:\WINDOWS\imsins.BAK
2011-07-11 21:09:20 ----RSD---- C:\WINDOWS\assembly
2011-07-11 21:09:20 ----D---- C:\WINDOWS\Microsoft.NET
2011-07-11 20:41:58 ----D---- C:\WINDOWS\AppPatch
2011-07-11 20:26:04 ----A---- C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2011-07-11 20:18:24 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-07-11 20:18:23 ----D---- C:\Program Files (x86)\Internet Explorer
2011-07-11 20:16:25 ----D---- C:\Documents and Settings
2011-07-11 20:16:20 ----D---- C:\WINDOWS\Help
2011-07-11 20:00:59 ----D---- C:\WINDOWS\ie8updates
2011-07-11 18:11:14 ----D---- C:\Program Files (x86)\Common Files
2011-07-11 18:10:58 ----D---- C:\Program Files (x86)\Java
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\occache.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\mstime.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\mshtmled.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\msfeedsbs.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\licmgr10.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\jsproxy.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\iedkcs32.dll
2011-05-31 04:25:04 ----A---- C:\WINDOWS\SysWOW64\ie4uinit.exe
2011-05-21 06:01:00 ----A---- C:\WINDOWS\SysWOW64\OpenCL.dll
2011-05-21 06:01:00 ----A---- C:\WINDOWS\SysWOW64\nvwddi.dll
2011-05-21 06:01:00 ----A---- C:\WINDOWS\SysWOW64\nvogl32.dll
2011-05-21 06:01:00 ----A---- C:\WINDOWS\SysWOW64\nvcuvid.dll
2011-05-21 06:01:00 ----A---- C:\WINDOWS\SysWOW64\nvcuvenc.dll
2011-05-21 06:01:00 ----A---- C:\WINDOWS\SysWOW64\nvcuda.dll
2011-05-21 06:01:00 ----A---- C:\WINDOWS\SysWOW64\nvcompiler.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys []
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys []
R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys []
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
R1 AmdPPM64;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM64.sys []
R1 aswRdr;aswRdr; C:\WINDOWS\SysWOW64\drivers\aswRdr.sys []
R1 aswSP;aswSP; C:\WINDOWS\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\SysWOW64\drivers\aswTdi.sys []
R1 CLBStor;InstantBurn Storage Helper Driver; C:\WINDOWS\SysWOW64\drivers\CLBStor.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys []
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2008/01/02 15:30:22]; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 CdaC15BA;CdaC15BA; C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys []
R2 CdaD10BA;CdaD10BA; C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys []
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; C:\WINDOWS\SysWOW64\drivers\CLBUDF.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys []
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys []
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKHDA64.SYS []
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys []
R3 ksthunk;Kernel Streaming WOW64 Thunk Service; C:\WINDOWS\system32\drivers\ksthunk.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys []
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS []
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys []
R3 yukonx64;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x64.sys []
S1 aswSnx;aswSnx; C:\WINDOWS\SysWOW64\drivers\aswSnx.sys []
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwlhigh564.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys []
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys []
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\DRIVERS\npf.sys []
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys []
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys []
S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys []
S4 adpu320;adpu320; C:\WINDOWS\SysWOW64\drivers\adpu320.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\SysWOW64\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\SysWOW64\drivers\arc.sys []
S4 iirsp;iirsp; C:\WINDOWS\SysWOW64\drivers\iirsp.sys []
S4 symmpi;symmpi; C:\WINDOWS\SysWOW64\drivers\symmpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848]
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2007-02-18 14848]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-07-04 42184]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files (x86)\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-06-27 79136]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc64.exe []
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 2297216]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe /Embedding []
R2 WSWNDA3100;WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-11-04 278528]
S2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-03 146816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2008-07-25 46088]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-10 136120]
S3 IASJet;IAS Jet Database Access; C:\WINDOWS\SysWOW64\svchost.exe [2007-02-18 14848]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 859648]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 160784]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe []
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-02-18 14848]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 clr_optimization_v2.0.50727_64;.NET Runtime Optimization Service v2.0.50727_x64; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-25 93184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 119808]

-----------------EOF-----------------

**MIZCHIFMKR** · 2011-08-06, 04:47

and here is the info.txt

info.txt logfile of random's system information tool 1.09 2011-08-05 22:07:29

======Uninstall list======

-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10u_Plugin.exe -maintain plugin
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Reader X (10.1.0)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Akamai NetSession Interface-->C:\Program Files (x86)\Common Files\Akamai\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files (x86)\ATI Technologies\UninstallAll\AtiCimUn.exe
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
AviSynth 2.5-->"C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe"
BitTorrent-->"C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /UNINSTALL
Canon IJ Network Scan Utility-->"C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSU.exe" /UninstallRemove C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\uninst.ini
Canon IJ Network Tool-->C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNUU.exe
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
CDK Players-->C:\WINDOWS\Uninstall CDK.exe
CyberLink InstantBurn-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}\Setup.exe" -l0x9 -uninstall
CyberLink PowerDVD 9-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
Fraps (remove only)-->"D:\Fraps\uninstall.exe"
Google Talk (remove only)-->"C:\Program Files (x86)\Google\Google Talk\uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{669A032D-4E28-3D11-BB26-8AD5D51EFE87}
Hi-Def Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
LabelPrint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LightScribe Optical Disc Kit-->MsiExec.exe /X{71F17309-007D-43F9-9313-DBFBA5FCB3B3}
Logitech SetPoint-->"C:\Program Files (x86)\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Luxeed-->"C:\Program Files (x86)\luxeed\unins000.exe"
Malwarebytes' Anti-Malware version 1.51.1.1800-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mozilla Firefox 5.0 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
NETGEAR WNDA3100v2 wireless USB 2.0 adapter-->C:\Program Files (x86)\InstallShield Installation Information\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
OpenDNS Updater 2.2.1-->"C:\Program Files (x86)\OpenDNS Updater\Uninstall.exe"
Picasa 3-->"D:\Program Files\Picasa3\Uninstall.exe"
Power2Go 5.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PSP Video 9 6-->D:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
PxMergeModule-->MsiExec.exe /I{024521CF-C07E-4F8E-8481-0D75695E03AF}
QuickTime Alternative 2.2.0-->"C:\Program Files (x86)\QuickTime Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {8EAF4926-5B5D-398A-BA46-4603D8095BDE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft Office 2007 System (KB2541012)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D}
Security Update for Microsoft Office Excel 2007 (KB2541007)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Skype Toolbars-->MsiExec.exe /I{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Sony PSP Media Manager 1.0a-->MsiExec.exe /X{7BEA122E-E255-44D4-B259-CC2637B6EBD7}
StarCraft II-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
TweakUI for Windows 64-Bit-->MsiExec.exe /X{FBE87834-E5DB-41E6-8A11-0979F9DF8E12}
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Outlook 2007 (KB2509470)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {1365864D-4C58-489D-9982-844D75691CCC}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (KB2553975)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {59D8F1FE-7B08-4F0E-840C-D1BF93D22A6C}
VideoLAN VLC media player 0.8.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Wallpaperio PSP Maker 3-->D:\Program Files\Red Kawa\Wallpaper Maker App\uninstaller.exe
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
YouTube Downloader App 3.00-->C:\Program Files (x86)\Regensoft\Downloader App\uninstaller.exe

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: DANASADORK
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Record Number: 71
Source Name: SideBySide
Time Written: 20080101165139.000000-300
Event Type: Error
User:

Computer Name: DANASADORK
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{555F3418-D99E-4E51-800A-6E89CFD8B1D7}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 54
Source Name: DCOM
Time Written: 20080101164920.000000-300
Event Type: Error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: DANASADORK
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{555F3418-D99E-4E51-800A-6E89CFD8B1D7}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 53
Source Name: DCOM
Time Written: 20080101164920.000000-300
Event Type: Error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: DANASADORK
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{555F3418-D99E-4E51-800A-6E89CFD8B1D7}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 28
Source Name: DCOM
Time Written: 20080101163255.000000-300
Event Type: Error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: DANASADORK
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{555F3418-D99E-4E51-800A-6E89CFD8B1D7}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 27
Source Name: DCOM
Time Written: 20080101163254.000000-300
Event Type: Error
User: NT AUTHORITY\LOCAL SERVICE

=====Application event log=====

Computer Name: MACHINENAME
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 26
Source Name: WinMgmt
Time Written: 20080101162723.000000-300
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MACHINENAME
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 25
Source Name: WinMgmt
Time Written: 20080101162723.000000-300
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MACHINENAME
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20080101162422.000000-300
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MACHINENAME
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20080101162422.000000-300
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: MACHINENAME
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20080101162421.000000-300
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: MACHINENAME
Event Code: 576
Message: Special privileges assigned to new logon:

User Name:

Domain:

Logon ID: (0x0,0x3E4)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege

Record Number: 5
Source Name: Security
Time Written: 20080101162130.000000-300
Event Type: Audit Success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: MACHINENAME
Event Code: 528
Message: Successful Logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Caller User Name: MACHINENAME$

Caller Domain:

Caller Logon ID: (0x0,0x3E7)

Caller Process ID: 280

Transited Services: -

Source Network Address: -

Source Port: -

Record Number: 4
Source Name: Security
Time Written: 20080101162130.000000-300
Event Type: Audit Success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: MACHINENAME
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeImpersonatePrivilege

Record Number: 3
Source Name: Security
Time Written: 20080101162130.000000-300
Event Type: Audit Success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: MACHINENAME
Event Code: 528
Message: Successful Logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Caller User Name: MACHINENAME$

Caller Domain:

Caller Logon ID: (0x0,0x3E7)

Caller Process ID: 280

Transited Services: -

Source Network Address: -

Source Port: -

Record Number: 2
Source Name: Security
Time Written: 20080101162130.000000-300
Event Type: Audit Success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: MACHINENAME
Event Code: 612
Message: Audit Policy Change:

New Policy:

Success Failure

+ - Logon/Logoff

- - Object Access

- - Privilege Use

- - Account Management

- - Policy Change

- - System

- - Detailed Tracking

- - Directory Service Access

+ - Account Logon

Changed By:

User Name: MACHINENAME$

Domain Name:

Logon ID: (0x0,0x3E7)

Record Number: 1
Source Name: Security
Time Written: 20080101111605.000000-300
Event Type: Audit Success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

thank you again for your help ^_^

**shelf life** · 2011-08-06, 20:34

Thanks for the info. All looks good to me.

Thread: help with the always fun trojan.gen

Thread Tools

Display

help with the always fun trojan.gen

Posting Permissions