First, here is an example of where the trojan is always found by Malwarebytes Pro:
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{66ddfb55-1287-497e-a988-c81d22dc3513}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{66ddfb55-1287-497e-a988-c81d22dc3513}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{66ddfb55-1287-497e-a988-c81d22dc3513}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67 85.255.112.200 -> Quarantined and deleted successfully.
Now the log.txt:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Edward Berrecloth at 2008-10-16 23:18:13
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (75%) free of 30 GB
Total RAM: 2047 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:29, on 16/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NOD32\egui.exe
C:\WINDOWS\system32\CTHELPER.EXE
F:\Microsoft office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rogue remover pro\Update\RogueRemover PRO\RogueRemoverPRO.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avg Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DK\DkService.exe
C:\Program Files\NOD32\ekrn.exe
C:\Program Files\Malwarebytes pro\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes pro\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\Itunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Edward Berrecloth\Desktop\RSIT.exe
C:\Program Files\Hijackthis\Edward Berrecloth.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Microsoft office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Microsoft office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan remover\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\Rogue remover pro\Update\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Microsoft office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SAS\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Avg Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\DK\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\NOD32\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\NOD32\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes pro\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero ultra\Nero 7\Nero BackItUp\NBService.exe
--
End of file - 6260 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\WinXP Manager Live Update.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - F:\Microsoft office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\NOD32\egui.exe [2008-07-01 1447168]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2007-04-09 19456]
"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"GrooveMonitor"=F:\Microsoft office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"iTunesHelper"=C:\Program Files\Itunes\iTunesHelper.exe [2008-10-01 289576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"TrojanScanner"=C:\Program Files\Trojan remover\Trojan Remover\Trjscan.exe [2008-10-09 967048]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2003-06-20 49152]
"RogueMonitor"=C:\Program Files\Rogue remover pro\Update\RogueRemover PRO\RogueRemoverPRO.exe [2008-02-24 421568]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Avg Anti-Spyware\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\Daemon tools\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
C:\Program Files\DK\DkIcon.exe [2005-04-30 196696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
C:\Program Files\Gadwin printscreen\PrintScreen\PrintScreen.exe [2007-08-20 495616]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-10-09 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SAS\SUPERAntiSpyware.exe [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
C:\PROGRA~1\Samsung\NATURA~1.EXE [2002-04-12 155715]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\Windows Desktop Search\WindowsSearch.exe /startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Edward Berrecloth^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
C:\PROGRA~1\Samsung\NATURA~1.EXE [2002-04-12 155715]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Edward Berrecloth^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
F:\MICROS~1\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SAS\SASWINLO.dll [2008-07-23 352256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=F:\Microsoft office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Avg Anti-Spyware\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SAS\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\Microsoft office\Office12\OUTLOOK.EXE"="F:\Microsoft office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"F:\Microsoft office\Office12\GROOVE.EXE"="F:\Microsoft office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"F:\Microsoft office\Office12\ONENOTE.EXE"="F:\Microsoft office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Steam\SteamApps\edd678\team fortress 2\hl2.exe"="E:\Steam\SteamApps\edd678\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Bitlord\BitLord.exe"="C:\Program Files\Bitlord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Utorrent\uTorrent.exe"="C:\Program Files\Utorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Itunes\iTunes.exe"="C:\Program Files\Itunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ffb3ff5-8423-11dd-9470-806d6172696f}]
shell\AutoRun\command - G:\SETUP.EXE /UPDATE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c31bb77a-87f5-11dd-b57c-000129fc4003}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com
shell\Open\command - resycled\boot.com
======List of files/folders created in the last 1 months======
2008-10-16 23:18:13 ----D---- C:\rsit
2008-10-15 17:22:34 ----D---- C:\Program Files\Spyware blaster
2008-10-15 17:17:54 ----D---- C:\Program Files\Hosts
2008-10-14 19:46:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-14 19:44:18 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2008-10-14 19:44:18 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2008-10-14 19:44:18 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2008-10-14 19:44:18 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2008-10-14 19:44:18 ----A---- C:\WINDOWS\system32\unacev2.dll
2008-10-14 19:43:57 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\Simply Super Software
2008-10-14 19:43:57 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-14 19:25:24 ----A---- C:\WINDOWS\IsUninst.exe
2008-10-14 19:22:53 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-10-14 19:16:49 ----D---- C:\NVIDIA
2008-10-14 19:14:23 ----D---- C:\Program Files\DCPRO
2008-10-14 19:11:04 ----AD---- C:\Program Files\nv4loopfix
2008-10-14 18:59:40 ----D---- C:\Program Files\SystemRequirementsLab
2008-10-14 18:59:36 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\SystemRequirementsLab
2008-10-14 16:36:54 ----D---- C:\fixwareout
2008-10-14 14:11:37 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-14 12:45:08 ----D---- C:\Program Files\Combofix
2008-10-14 11:08:22 ----D---- C:\WINDOWS\ERUNT
2008-10-13 23:59:29 ----D---- C:\SDFix
2008-10-13 18:36:40 ----D---- C:\Program Files\DR.Web cureit
2008-10-13 17:43:09 ----D---- C:\Program Files\ATF clean
2008-10-13 17:11:01 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-10-13 17:11:01 ----A---- C:\WINDOWS\system32\swsc.exe
2008-10-13 17:11:01 ----A---- C:\WINDOWS\system32\swreg.exe
2008-10-13 17:09:59 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-13 16:01:43 ----D---- C:\Program Files\Trojan remover
2008-10-13 14:37:26 ----SHD---- C:\RECYCLER
2008-10-13 14:30:24 ----A---- C:\WINDOWS\SWREG.exe
2008-10-13 14:30:24 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-13 14:30:23 ----A---- C:\WINDOWS\zip.exe
2008-10-13 14:30:23 ----A---- C:\WINDOWS\VFIND.exe
2008-10-13 14:30:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-13 14:30:23 ----A---- C:\WINDOWS\SWSC.exe
2008-10-13 14:30:23 ----A---- C:\WINDOWS\sed.exe
2008-10-13 14:30:23 ----A---- C:\WINDOWS\grep.exe
2008-10-13 14:30:23 ----A---- C:\WINDOWS\fdsv.exe
2008-10-13 14:18:08 ----D---- C:\WINDOWS\ERDNT
2008-10-13 12:34:36 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-13 12:34:18 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\SUPERAntiSpyware.com
2008-10-13 12:33:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-13 12:33:34 ----D---- C:\Program Files\SAS
2008-10-12 21:47:49 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-12 21:46:14 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-12 21:45:35 ----D---- C:\Program Files\Common Files\Adobe
2008-10-12 21:45:35 ----D---- C:\Program Files\Adobe
2008-10-12 21:40:42 ----D---- C:\Program Files\NOS
2008-10-12 21:40:42 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-11 22:13:17 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-10-11 22:12:44 ----D---- C:\Program Files\MSXML 4.0
2008-10-11 19:49:46 ----D---- C:\Program Files\Rootkit fix
2008-10-11 17:21:04 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-10-11 17:21:04 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-10-11 17:21:03 ----A---- C:\WINDOWS\system32\WS2Fix.exe.vir
2008-10-11 17:21:03 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-10-11 17:21:03 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-10-11 17:21:02 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-10-11 17:21:02 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-10-11 17:21:02 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-10-10 11:09:10 ----D---- C:\Program Files\Quicktime
2008-10-09 20:41:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-09 20:40:26 ----D---- C:\Program Files\Spybot SD
2008-10-08 14:44:30 ----D---- C:\Program Files\Gadwin printscreen
2008-10-07 21:47:26 ----D---- C:\Program Files\Google
2008-10-07 21:46:57 ----D---- C:\Program Files\Google Earth
2008-10-07 21:07:44 ----D---- C:\Program Files\fixwareout
2008-10-07 12:05:12 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\LimeWire
2008-10-07 11:51:50 ----D---- C:\WINDOWS\Minidump
2008-10-07 11:47:44 ----D---- C:\Program Files\iPod
2008-10-07 11:47:42 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-06 10:25:47 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\SuperNZB
2008-10-06 10:24:19 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\NewzToolz-EZ
2008-10-06 10:23:43 ----D---- C:\Program Files\NewzToolz-EZ
2008-10-05 21:43:18 ----D---- C:\WINDOWS\system32\Adobe
2008-10-05 18:48:35 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\uTorrent
2008-10-05 18:47:31 ----D---- C:\Program Files\Utorrent
2008-10-02 18:40:56 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\Grisoft
2008-10-02 18:40:06 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-30 19:04:17 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-30 19:02:46 ----D---- C:\Program Files\Smitfraudfix
2008-09-30 18:55:18 ----D---- C:\Program Files\Hijackthis
2008-09-30 18:40:47 ----D---- C:\Program Files\Common Files\Logitech
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\msxml4r.dll
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\msxml4a.dll
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\msvcr71.dll
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\msvcp71.dll
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\MFC71u.dll
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\MFC71KOR.DLL
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\MFC71JPN.DLL
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\MFC71ITA.DLL
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\MFC71ESP.DLL
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\MFC71DEU.DLL
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\MFC71CHT.DLL
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\MFC71CHS.DLL
2008-09-30 18:40:42 ----AC---- C:\WINDOWS\system32\capicom.dll
2008-09-30 18:40:42 ----A---- C:\WINDOWS\system32\MFC71ENU.DLL
2008-09-30 18:40:41 ----AC---- C:\WINDOWS\system32\MFC71.dll
2008-09-30 18:40:41 ----AC---- C:\WINDOWS\system32\gdiplus.dll
2008-09-30 18:40:41 ----AC---- C:\WINDOWS\system32\atl71.dll
2008-09-30 18:40:03 ----D---- C:\Program Files\Logitech
2008-09-24 19:55:03 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\Mozilla
2008-09-24 19:53:52 ----D---- C:\Program Files\Firefox
2008-09-24 15:27:28 ----AC---- C:\WINDOWS\system32\eaxac3.dll
2008-09-23 19:23:43 ----D---- C:\Program Files\Microsoft Silverlight
2008-09-23 19:23:07 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-09-23 19:23:07 ----D---- C:\Program Files\Windows Desktop Search
2008-09-23 19:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-09-23 19:19:06 ----D---- C:\WINDOWS\system32\URTTEMP
2008-09-23 17:45:10 ----RSD---- C:\WINDOWS\assembly
2008-09-23 17:44:37 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-23 16:52:59 ----D---- C:\WINDOWS\Sun
2008-09-23 16:52:58 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\Sun
2008-09-23 16:01:08 ----D---- C:\Program Files\Marvell
2008-09-23 15:51:45 ----AC---- C:\WINDOWS\system32\CapabilityTable.exe
2008-09-23 15:51:39 ----RAC---- C:\WINDOWS\system32\nvuide.exe
2008-09-23 15:50:52 ----RAC---- C:\WINDOWS\system32\fdco1.dll
2008-09-23 15:50:44 ----AC---- C:\WINDOWS\system32\nvunrm.exe
2008-09-23 15:50:41 ----RAC---- C:\WINDOWS\system32\nvconrm.dll
2008-09-23 15:50:41 ----RAC---- C:\WINDOWS\system32\bdco1.dll
2008-09-23 15:50:35 ----RAC---- C:\WINDOWS\system32\nvusmb.exe
2008-09-23 15:50:34 ----AC---- C:\WINDOWS\system32\NVUNINST.EXE
2008-09-23 15:38:51 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\Help
2008-09-22 14:50:16 ----AC---- C:\WINDOWS\system32\javaws.exe
2008-09-22 14:50:16 ----AC---- C:\WINDOWS\system32\javaw.exe
2008-09-22 14:50:16 ----AC---- C:\WINDOWS\system32\java.exe
2008-09-22 14:49:07 ----D---- C:\Program Files\Java
2008-09-22 14:47:46 ----D---- C:\Program Files\Common Files\Java
2008-09-22 14:39:02 ----D---- C:\Program Files\Avg Anti-Spyware
2008-09-22 14:29:54 ----D---- C:\Program Files\Limewire
2008-09-21 16:54:15 ----D---- C:\Program Files\Ad-Aware
2008-09-20 21:00:58 ----D---- C:\Program Files\DK
2008-09-20 20:59:06 ----D---- C:\WINDOWS\system32\appmgmt
2008-09-20 16:54:02 ----D---- C:\WINDOWS\WBEM
2008-09-20 16:42:40 ----D---- C:\WINDOWS\LastGood(2)
2008-09-19 17:23:25 ----D---- C:\WINDOWS\ie7updates
2008-09-19 17:22:32 ----HDC---- C:\WINDOWS\ie7
2008-09-19 17:22:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-09-19 17:21:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-09-19 17:06:34 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-09-19 10:20:51 ----D---- C:\Program Files\Memory improve
2008-09-19 10:06:45 ----AC---- C:\WINDOWS\system32\wuapi.dll.mui
2008-09-18 23:29:52 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-09-18 23:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-09-18 23:29:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-18 23:28:55 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-09-18 19:19:21 ----RHD---- C:\MSOCache
2008-09-18 17:02:01 ----D---- C:\Program Files\Bitlord
2008-09-18 16:51:18 ----AC---- C:\WINDOWS\uninst.exe
2008-09-18 14:35:27 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-09-18 14:34:51 ----D---- C:\Program Files\Microsoft Works
2008-09-18 14:34:45 ----D---- C:\Program Files\MSBuild
2008-09-18 14:34:29 ----D---- C:\Program Files\Microsoft Visual Studio
2008-09-18 14:34:29 ----D---- C:\Program Files\Common Files\DESIGNER
2008-09-18 14:32:05 ----D---- C:\WINDOWS\SHELLNEW
2008-09-18 14:31:46 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-17 21:51:11 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\DAEMON Tools
2008-09-17 21:50:46 ----D---- C:\Program Files\Daemon tools
2008-09-17 15:57:48 ----D---- C:\Program Files\Registry backup
2008-09-17 14:30:01 ----AC---- C:\WINDOWS\system32\Gif89.dll
2008-09-17 14:29:43 ----D---- C:\Program Files\Samsung
2008-09-17 14:07:43 ----C---- C:\WINDOWS\system32\spmsg.dll
2008-09-17 14:07:40 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-09-17 14:07:25 ----D---- C:\Program Files\Windows Media Connect 2
2008-09-17 14:07:20 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-09-17 14:06:40 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-09-17 14:06:17 ----D---- C:\WINDOWS\system32\LogFiles
2008-09-17 14:06:13 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-09-17 13:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-17 13:34:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-17 13:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-17 13:34:30 ----SHD---- C:\Config.Msi
2008-09-17 13:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-17 13:33:42 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-09-17 13:33:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-17 13:33:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-17 13:33:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-17 13:33:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-17 13:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-17 13:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-17 13:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-17 13:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-17 13:32:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-17 13:32:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-17 13:26:29 ----AC---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-17 13:26:29 ----AC---- C:\WINDOWS\system32\mucltui.dll
2008-09-17 13:25:13 ----D---- C:\WINDOWS\Prefetch
======List of files/folders modified in the last 1 months======
2008-10-16 23:18:17 ----D---- C:\WINDOWS\Temp
2008-10-16 21:36:14 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-10-15 22:59:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-15 19:39:59 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-15 19:32:52 ----RD---- C:\Program Files
2008-10-15 19:32:50 ----D---- C:\WINDOWS\system32
2008-10-15 17:31:24 ----SHD---- C:\System Volume Information
2008-10-15 17:31:24 ----D---- C:\WINDOWS\system32\Restore
2008-10-15 17:29:03 ----SH---- C:\boot.ini
2008-10-15 17:29:03 ----AC---- C:\WINDOWS\win.ini
2008-10-15 17:29:03 ----A---- C:\WINDOWS\system.ini
2008-10-15 13:49:07 ----SHD---- C:\WINDOWS\Installer
2008-10-14 19:32:59 ----D---- C:\WINDOWS
2008-10-14 19:32:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-14 19:32:30 ----D---- C:\WINDOWS\Help
2008-10-14 19:31:33 ----HD---- C:\WINDOWS\inf
2008-10-14 19:27:13 ----D---- C:\WINDOWS\nview
2008-10-14 19:25:34 ----D---- C:\WINDOWS\system32\drivers
2008-10-14 19:19:41 ----D---- C:\WINDOWS\system32\config
2008-10-14 19:19:26 ----D---- C:\WINDOWS\system32\wbem
2008-10-14 19:19:26 ----D---- C:\WINDOWS\Registration
2008-10-14 19:01:59 ----SD---- C:\Documents and Settings\Edward Berrecloth\Application Data\Microsoft
2008-10-13 19:08:12 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-13 17:43:34 ----D---- C:\Program Files\Messenger
2008-10-13 17:43:33 ----D---- C:\Program Files\Creative
2008-10-13 14:31:43 ----D---- C:\WINDOWS\AppPatch
2008-10-13 14:31:43 ----D---- C:\Program Files\Common Files
2008-10-13 12:36:41 ----D---- C:\WINDOWS\pss
2008-10-12 21:52:10 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\Adobe
2008-10-11 22:12:44 ----D---- C:\WINDOWS\WinSxS
2008-10-10 11:09:13 ----D---- C:\Program Files\Common Files\Apple
2008-10-08 16:44:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-07 11:48:03 ----D---- C:\Program Files\Itunes
2008-10-07 11:46:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-07 11:46:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-30 22:42:54 ----D---- C:\WINDOWS\Debug
2008-09-30 18:46:54 ----D---- C:\WINDOWS\twain_32
2008-09-30 18:43:40 ----D---- C:\Program Files\NOD32
2008-09-30 18:40:39 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-24 19:30:29 ----D---- C:\WINDOWS\system32\Defaults
2008-09-24 18:02:34 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\Ahead
2008-09-23 19:41:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-23 19:23:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-23 19:23:10 ----D---- C:\WINDOWS\system32\en-us
2008-09-23 19:20:46 ----D---- C:\WINDOWS\system32\Data
2008-09-23 19:02:27 ----RD---- C:\WINDOWS\Web
2008-09-23 19:01:37 ----AC---- C:\WINDOWS\ODBCINST.INI
2008-09-23 18:29:09 ----SD---- C:\WINDOWS\Tasks
2008-09-23 17:44:42 ----D---- C:\Program Files\Internet Explorer
2008-09-23 17:44:41 ----D---- C:\WINDOWS\system32\mui
2008-09-23 17:21:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-22 13:05:51 ----D---- C:\Documents and Settings\Edward Berrecloth\Application Data\Apple Computer
2008-09-19 17:22:54 ----D---- C:\WINDOWS\Media
2008-09-19 17:04:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-19 10:07:01 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-18 14:34:11 ----RSD---- C:\WINDOWS\Fonts
2008-09-18 14:32:13 ----D---- C:\Program Files\Common Files\System
2008-09-17 14:07:25 ----D---- C:\Program Files\Windows Media Player
2008-09-17 13:24:56 ----D---- C:\WINDOWS\system32\Setup
2008-09-17 09:55:00 ----N---- C:\WINDOWS\system32\nv4_disp.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Avg Anti-Spyware\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SAS\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SAS\SASKUTIL.sys []
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MBAMDrvService;MBAMDrvService; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-09-06 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-09-06 55936]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2004-04-06 646128]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2004-04-29 374000]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2004-03-16 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2004-03-16 130384]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2004-03-16 147088]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2004-06-16 952144]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\System32\drivers\hap17v2k.sys [2004-05-03 147696]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-01-12 12928]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2004-03-16 178736]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 Razerlow;Razerlow USB Filter Driver; C:\WINDOWS\System32\Drivers\Razerlow.sys [2005-04-24 13225]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S1 project; service tool ; C:\WINDOWS\System32\Drivers\register.sys [2001-11-28 1950]
S3 affhousm;affhousm; C:\WINDOWS\system32\drivers\affhousm.sys []
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2004-03-16 118868]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2004-03-16 692306]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2004-03-15 337056]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2004-03-16 606208]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2004-05-03 150160]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\70C9.tmp []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-01-12 33408]
S3 SASENUM;SASENUM; \??\C:\Program Files\SAS\SASENUM.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Avg Anti-Spyware\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Diskeeper;Diskeeper; C:\Program Files\DK\DkService.exe [2005-04-30 622700]
R2 ekrn;Eset Service; C:\Program Files\NOD32\ekrn.exe [2008-07-01 468224]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes pro\Malwarebytes' Anti-Malware\mbamservice.exe [2008-09-10 110256]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\NOD32\EHttpSrv.exe [2008-07-01 19200]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; F:\Microsoft office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero ultra\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
and the other
info.txt logfile of random's system information tool 1.04 2008-10-16 23:18:31
======Uninstall list======
-->"C:\Program Files\Creative\Program\Ctzapxx.EXE" /W /U /S
-->C:\Program Files\Nero ultra\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-aware 6 Professional-->C:\PROGRA~1\Ad-Aware\Ad-aware 6\UNWISE.EXE C:\PROGRA~1\Ad-Aware\Ad-aware 6\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Anti-Spyware 7.5-->C:\Program Files\Avg Anti-Spyware\AVG Anti-Spyware 7.5\Uninstall.exe
BitLord 1.1-->C:\Program Files\Bitlord\uninst.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\Cc cleaner\CCleaner\uninst.exe"
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
DH Driver Cleaner Professional Edition-->C:\Program Files\DCPRO\Driver Cleaner Pro\Uninstall.exe
Diskeeper Lite-->MsiExec.exe /X{28FED8EB-1150-4333-A6C4-67FFB46681BC}
ESET NOD32 Antivirus-->MsiExec.exe /I{3407FD83-0A2F-475E-BE94-34F1FA342C84}
Gadwin PrintScreen-->C:\Program Files\Gadwin printscreen\PrintScreen\Uninstall.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2-->"C:\Program Files\Hijackthis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.18.8-->"C:\Program Files\Limewire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes pro\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover PRO-->"C:\Program Files\Rogue remover pro\Update\RogueRemover PRO\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Natural Color-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
Nero 7 Ultra Edition-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
NOD32 Update Viewer 3.03.0-->"C:\Program Files\NOD32\View\NOD32view\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sophos Anti-Rootkit 1.3.1-->C:\Program Files\Rootkit fix\helper.exe remove
Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CECB9B3D-E681-4458-85F8-8D182941AF1D}\SETUP.EXE" -l0x9
Spybot - Search & Destroy-->"C:\Program Files\Spybot SD\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\Spyware blaster\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SuperNZB v3.2.1-->"C:\Program Files\NewzToolz-EZ\SuperNZB\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Trojan Remover 6.7.3-->"C:\Program Files\Trojan remover\Trojan Remover\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VIA Register Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Your Company Name\VIA Register Tool\Uninst.isu"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WINRar\uninstall.exe
=====HijackThis Backups=====
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
======Hosts File======
127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
======Security center information======
AV: ESET NOD32 Antivirus 3.0
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\DK;C:\Program Files\Quicktime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2701
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------